Information systems audit: implementation of the Cobit4.1 approach

This work is part of an internship that I carried out at the internal audit department of the "Société Tunisienne de l'Électricité et de Gaz" (STEG) for the national diploma of professional master in "Internal Audit and Audit of Information Systems". STEG, the host institution, was among the first Tunisian companies to integrate the internal audit function into its structure (by laying the first brick in 1972) in order to comply with the regulations in force and to improve the quality of its services. Noticing early on the challenges of IS in the modern economy, it was the first in Tunisia to establish an IT audit unit in 1985. Since then, the internal audit department has continued to seek to develop its approaches, methods and working tools. My mission during this internship was to contribute to the development of the internal audit function by providing an answer to the following question: "what approach should we implement in order to allow auditors to plan, organise and execute coherent and complementary audit missions covering the entirety of IS"?