IT Auditing: An Adaptive Process

About the Author

Photo of Author

Robert E. Davis, MBA, CISA, CICA

Robert E. Davis is an independent management audit consultant, currently associated with Robert Half Management Resources, as well as Pleier Corporation author. His IT audit specializations include Control Objectives for Information and related Technology, Sarbanes-Oxley Act, and the Foreign Corrupt Practices Act. Regarding information security and privacy, Robert is available to provide International Organization for Standardization ISO-17799, Graham-Leach-Bliley, and Basel II Initiative consulting. His primary computer technology research interests are databases, operating systems, and distributed information systems processing.

Since starting his career as an IT auditor, Robert has provided data security consulting and IT auditing services from staff through management positions to the United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company, Fidelity/First Fidelity (Wachovia) Corporations, and other organizations.

Some of his professional IT software and hardware experience includes MVS, UNIX, Windows, Oracle, the International Money Management System, PERL, COBOL, PASCAL, DEC, IBM, Tandem, Compaq, and DELL.

Prior to engaging in the practice of IT auditing and information security consulting, Robert provided inventory and general accounting services to Philip Morris USA and general accounting services to Philadelphia National Bank (Wachovia).

Robert graduated from Temple University and West Chester University of Pennsylvania with a Bachelor of Business Administration and Master of Business Administration degree, respectively. While attending Temple University, his major areas of study were Business Law and Accounting. He successfully completed the requirements for a Management Information Systems subject major at West Chester University.

Robert obtained the Certified Information Systems Auditor (CISA) certificate, after passing the Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

During his twenty-year professional involvement in education, Robert acquired postgraduate and professional technical licenses in computer science and computer systems technology.

Currently, Robert is a member of the Institute of Internal Auditors IT AUDIT magazine Editorial Review Committee and author of the IT AUDIT magazine emerging issues article, “Did IT Auditing Forget the Foreign Corrupt Practices Act?”

Robert is a former ISACA-Philadelphia Chapter Board of Directors member and College Relation Chairman. Robert has provided instruction to an Internet CISA study group, the Data Processing Management Association, and the ISACA-Philadelphia Chapter CISA Review course.

Robert is a member of American Association of University Professors and the Institute for Internal Controls. He is also a college computer science and mathematics instructor, having previously taught at Cheyney University and Bryant & Stratton College.

Robert’s IT audit publications include “Information Systems Auditing: The IS Audit Planning Process”, “Information Systems Auditing: The IS Audit Study and Evaluation of Controls Process”, “Information Systems Auditing: The IS Audit Testing Process”, and “Information Systems Auditing: The IS Audit Reporting Process” electronic monographs.

Be certain to review “IT Auditing: The Process” – see a 450-slide PowerPoint presentation that is a companion product to “IT Auditing: An Adaptive Process”.

IT Auditing: An Adaptive Process

Robert E. Davis has been privileged to assist various organizations in achieving their information systems control objectives and improving business processes. Recently, he has applied his expertise in assisting organizations in fulfilling U.S. Sarbanes-Oxley reporting and control requirements as well as training professionals internationally.

Robert is sharing his experience by providing tools to prepare auditors to perform IT audits in an extremely cost-effective manner.

Business organizations, governmental organizations, colleges, and universities can benefit from his knowledge and expertise concerning IT auditing.

"IT Auditing: An Adaptive Process" provides a solid foundation for performing U.S. Sarbanes Oxley Act and Foreign Corrupt Practices Act IT audits.

"IT Auditing: An Adaptive Process" addresses managerial responsibilities for audit managers.

Additional references and information are available at Have CISA – Will Travel.

Your feedback, concerning this product, should be sent to

IT Auditing: An Adaptive Process Workbook

“IT Auditing: An Adaptive Process” is a 136-page workbook designed to be a self-contained tool for learning IT audit process flexibility, while performing effective IT audits, as well as as a companion product for “IT Auditing: The Process”. Specifically, “IT Auditing: An Adaptive Process” is an enhanced and consolidated version of four IT audit monographs. This workbook invites the reader to practice IT auditing based on generally accepted IT audit standards and guidelines through detailed examples. Furthermore, this workbook allows an IT auditor to understand various steps and processes required to adequately initiate, document, and compile IT audit phases.

“IT Auditing: An Adaptive Process” is also available for order online as a downloadable product.

This publication includes information about the following:

Chapter One: Planning

Audit Objectives
Business Objectives
Organizational Practices
Audit Risk Assessment
Internal Control Assessment
Audit Plan
Engagement Letter
Opening Conference
Appendix A Audit Findings Form
Appendix B Financial Statements Activity Control Objectives Matrices
Appendix C Planning Documentation Checklist
Appendix D Opening Conference Worksheet
Bibliography for Chapter 1

Chapter 2: Study and Evaluation of Controls

Study of Controls
Study of Internal Controls
Study of Legal issues
Study of External Controls
Design Materiality
Control Objectives
Evaluation of Internal Controls
Evaluation of External Controls
Illegal and Irregular Acts
Working Papers
Audit Evidence
Assessing Risk
Assessing Testing
Appendix A Conflict (Control) Matrix Template
Appendix B Transaction / Control Matrix Template
Appendix C Audit Evidence Catalog
Bibliography for Chapter 2

Chapter 3: Testing and Evaluating

Testing Materiality
Testing Objectives
Testing Design
Testing Methodologies
Statistical Testing Methodologies
Non-Statistical Testing Methodologies
Sampling Size Selection
Sampling Methodologies
Conducting Tests
CAAT Testing
Testing Evaluation
Test Documentation
Assessing Risk
Bibliography for Chapter 3

Chapter 4: Reporting

Assessing Audit Findings
Audit Report Materiality
Assessing Risk
Cost-Benefit Analysis
Working Papers Retention
Audit Evidence
Draft Audit Report
Subsequent Events
Draft Report Distribution
Closing Conference
Client Responses
Final Audit Report
Final Report Distribution
Appendix A External Information Systems Audit Report Illustration
Appendix B Closing Conference Worksheet
Appendix C Audit Working Papers Checklist
Bibliography for Chapter 4

Acronyms Used Throughout This Workbook
Glossary of Terms Used Throughout This Workbook
Bibliography for Entire Workbook

Other Resources

If you like the quality of this electronic publication on CD check for additional information.

Current Publications – Click the link to preview:

Print Order Form - PDF
Print Order Form - Word Document

Order Online

ADM PLUS Audit Management Systems for managing an Audit Department includes risk management and risk assessment functions.

o Review information about this software

o Download and try this client-server software with no risk at

Please tell other Audit Professionals during your sharing about these resources.

Thank you.
Joseph R Pleier
Pleier Corporation