Though the different taxonomies exist based on the authority that implements the IT audit , there are three general accepted specific systematic approaches (Goodman & Lawless 1994)
- Technological innovation process audit constructs a risk profile for existing and new projects and it will assess the length and depth of the company’s experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure.
- Innovative comparison audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of company’s research and development facilities, as well as its new products track record.
- Technological position audit assess the technologies that currently exist and the ones it needs to add. ( base, key, pacing or emerging technologies).
After Davis (2005) the basic steps in performing the Information Technology Audit Process are
- Studying and Evaluating Controls
- Testing and Evaluating Controls
Change management auditing
Davis, Robert E. – IT Auditing: An Adaptive Process, 2005 Mission Viejo: Pleier Corporation
Goodman A. Richard; Lawless W. Michael – Technology and strategy: conceptual models and diagnostics. 1994 Oxford University Press US. ISBN 978-0-19-507949-4