IT Audit

The TCA’s experience related to information technology (IT) audit began by applying data analysis techniques within compliance audits in the 1990s and resulted in the establishment of a devoted CAATs group in 1997.
As a result of the efforts to meet the rising needs for IT audit methodology and knowledge, the TCA has developed its own IT Audit Manual in 2007, which adopts a risk-based audit approach and complies with international IT audit standards, frames and the best practices. In the meantime, to further develop its theoretical knowledge and experience in the field, the TCA cooperated with various specialized agencies to organize trainings for its IT auditors and use experts’ work in IT audits.
The TCA has a devoted IT Audit Group, which is furnished with roles and responsibilities to develop the IT audit methodology, execute IT audits and provide IT audit support to regularity audit teams in special cases.
The TCA has the legal mandate to conduct IT audits in three different ways:

  • IT audit as a part of regularity audits,
  • IT audit as a part of performance audits in the field of IT,
  • Separate IT audits.
The TCA tends to carry out IT audits as a part of regularity audits. The focus of this type of IT audit is the IT having direct or indirect impact on the accounting data and financial statements, and the main concern of auditors is the IT controls regarding the reliability and integrity of IT system and data. Furthermore, basic IT controls for the auditors are provided in the Regularity Audit Manual of the TCA in the form of a toolkit, which is applied in every regularity audit.
Additionally, there are samples of separate IT audits by IT auditors, who put more emphasis on the security aspects of IT controls.
With the 2016-2019 National e-Government Strategy and Action Plan, The TCA now bears responsibility for “ensuring the efficient and generalized audit for e-government projects in the public sector.” In this context:
  • An audit model and an audit guide have been developed for e-government projects,
  • Pilot audit assignments have been carried out for testing the model and the guide,
  • After revising the model and the guide according to the pilot audits results, e-government project audits will be generalized,
The guide will also be adapted for public sector internal audit units, and IT audit trainings for internal auditors will be held.