
Audit scope

Definition

The documented boundaries of an audit: which systems, processes, organizational units, locations, and time periods are included. Scope is agreed between auditor and auditee before fieldwork and governs what the audit can conclude.

Related terms

Audit criteria
The standards, policies, or requirements against which audit evidence is compared. Common criteria include ISO/IEC 27001, NIST SP 800-53, PCI-DSS, and the...
Audit objectives
The questions the audit is designed to answer, stated in terms of control criteria. For example: do access management controls satisfy the...
Audit plan
The document that translates scope and objectives into a structured programme of fieldwork: what will be tested, how, by whom, on what...
Auditee
The organization or organizational unit being audited. In planning, the auditee provides key inputs: system inventory, risk register, previous audit findings, control...
Scope creep
The unintended expansion of a penetration test beyond the agreed boundaries, either because testers follow a vulnerability chain into an out-of-scope system...

Explained in

  • Audit Planning and Scope Definition: The documented boundaries of an audit: which systems, processes, organizational units, locations, and time periods are included. Scope is agreed between audito...
