IT Audit Scope

armitage

in that case, the audit scope will definitely be limited, most likely will be financial statement focused, which means the Oracle system (include accuracy, integrity, completeness, authorisation of data, etc) or possibliy AIX will be the only areas audited.  They will perform General IT Assessment on IT operations and technical environment first, to get an idea where are the high risk areas. Unless they identified major efficiency issues of your company\'s IT operations, they normally will not audit email and web servers, not to mention modems. Time and budget always limit what the external Auditors can review, especially for IT Auditors.\r\n\r\nBTW, if EY\'s financial audit team discovered problems with financial data generated by the Oracle system, they can also ask their IT Auditors to perform CAAT (computer aided audit technique), which basically is to extract data from Oracle and then perform calculations to discover discrepancies. \r\n\r\njust my 2 cents, hope it helps.