Legal AlertNewsThe Communiqué on the Report on Independent Audit of Information Systems and Business Processes Has Been Published in the Official Gazette and Entered into Force

• The auditor ensures that the report is complete, accurate, objective, evidential, and as clear and concise as the subject allows.

• The auditor classifies significant control deficiencies and important control deficiencies to be supported by adequate and convenient audit evidence and includes them in the report by coding them according to the determined principles. 

• The auditor reports the auditee’s opinions on the findings, results, and planned corrections, if any.

• Evaluation of information systems includes the provisions of: (i) information on employee profile of the information technologies department, (ii) direct contact information of the auditee’s managers who are responsible for the audit fields, (iii) information on the organizational structure of the information technologies department, (iv) general information on the applications/systems/tools which are used to carry out the auditee’s activities, (v) brief information regarding the information system architecture of the auditee, (vi) explanation of the network infrastructure and network topology of the auditee, (vii) demonstration of software and tools related to the auditee’s activities on the information systems architecture, (iix) brief information regarding tools which support critical control objectives such as change management, security management, if an information systems audit has been performed.

• In the report, the auditor interprets the audit objectives, audit findings and, if any, the opinions of the auditee, and includes evaluations in line with her/his own inferences and opinions, and explanations, if necessary.

https://www.resmigazete.gov.tr/eskiler/2022/03/20220325-7.htm