SFIA Skill

Technology audit TAUD

The independent, risk-based assessment of the adequacy and integrity of controls in information processing systems, including hardware, software solutions, information management systems, security systems and tools, communications technologies - both web-based and physical. The structured analysis of the risks to achievement of business objectives, including the risk that the organisation fails to make effective use of new technology to improve delivery and internal effectiveness.

Technology audit: Level 7

Ensures that there is planned audit coverage across the organisation, and liaises with executives to ensure that this coverage is relevant and understood. Directs use of risk analysis to identify areas for in-depth review. Evaluates the effectiveness of corporate IT strategy and governance and makes recommendations for development. Agrees terms of reference for audits with clients. Plans audit cycle, and leads and manages audit function. Determines the need for and manages the effective use of additional IT experts. Reports at the most senior level on the findings, relevance and recommendations for improvement. Represents the audit function at the Audit Committee of the organisation.

Technology audit: Level 6

Specifies organisational procedures for the assessment of an activity, process, product or service, against recognised criteria, such as ISO 27001. Develops plans for risk-based audit coverage of technology systems for inclusion in audit planning and uses experience to ensure audit coverage is sufficient to provide the business with assurance of adequacy and integrity. Leads and manages complex technical audits, managing specialists contracted to contribute highly specialised technical knowledge and experience. Identifies areas of risk and specifies interrogation programs. Recommends changes in processes and control procedures based on audit findings, including, where appropriate, the assessment of safety-related software systems to determine compliance with standards and required levels of safety integrity. Provides general and specific advice, and authorises the issue of formal reports to management on the effectiveness and efficiency of control mechanisms.

Technology audit: Level 5

Manages risk-based audit of existing and planned technology systems. Identifies areas of risk and evaluates adequacy and effectiveness of organisation's approach to risk in use of IT. Assesses and communicates associated risks of a complex nature to middle and senior managers. Recommends changes in processes and control procedures based on audit findings. Provides general and specific advice. Collates conclusions and recommendations, and presents audit findings to management regarding the effectiveness and efficiency of control mechanisms in information systems. Engages with providers of other IT assurance such as compliance audits, quality assurance functions and other technical specialists.

Technology audit: Level 4

Contributes to risk-based audit of existing and planned technology systems. Identifies IT risk in detail, assesses and tests the effectiveness of control measures and prepares formal reports in order to provide independent assurance on an organisation's information security, integrity and resilience.