An audit methodology is a documented approach for performing the audit in a consistent and repeatable manner. The audit methodology is designed to meet audit objectives by defining the following:
. A statement of work
. A statement of scope
. A statement of audit objectives
The methodology should be approved by management and thoroughly documented so that it provides a highly repeatable process. All audit employees must be trained and must have knowledge of the methodology.

Using a structured and repeatable methodology fosters the establishment of boundaries and builds confidence in the audit process. Each step of the audit process is described in greater detail here:

Audit Methodology
1. Audit subject—Identify which areas are to be audited
2. Audit objective—Define why the audit is occurring. As an example, the objective of the audit might be to ensure that access to private information such as social security numbers is controlled.
3. Audit scope—Identify which specific functions or systems are to be examined.
4. Pre-audit planning—Identify what skills are needed for the audit, how many auditors are required, and what other resources are needed. Necessary policies or procedures should be identified, as should the plans of the audit. The plans should identify what controls will be verified and tested.
5. Data gathering—Identify interviewees, identify processes to be tested and verified, and obtain documents such as policies, procedures, and standards. Develop procedures to test controls.
6. Evaluation of test results—These will be organization specific. The objective will be to review the results.
7. Communication with management—Document preliminary results and communicate to management.
8. Preparation of audit report—The audit report is the culmination of the audit process and might include the identification of follow-up item