Carrying out a professional IT audit procedure

This is a much bigger question than I think you realise - for a start, the major IT audit firms have a very large amount of Intellectual Property in this area, so while you will be able to find high level documentation, you may have trouble finding full detailed documents.

From my time in a Big-4 audit firm, I probably saw over 300 workplans for audit of specific technologies, and contributed to maybe 50 of those. The time investment is pretty high.

In saying that, I would definitely suggest you join ISACA (the Information Systems Audit and Control Association), which is the definitive body for this industry. A vast amount of information is available through ISACA, including CobIT and audit guidance.

(disclosure - one of my roles is President of the Scottish ISACA chapter)


The traditional answer to your question is - get a job at an auditing firm. It'll be a junior position, but that's how you learn the trade. You'll get access to the sort of workplans Rory mentioned, but even more importantly, you'll get experience applying them to actual audit situations.

I've met good auditors, and I've met poor auditors, and good auditing is more than having the right software, journals, or templates. I don't know what your masters is in, but it likely has not prepared you for being on-the-ground in an audit. Being in front of clients, asking questions, and digging out the answers that they don't even know they have sometimes. (You don't mention your work experience, which may be relevant for all I know).

Just my .02c. Good luck!