What should an organization's IS audit charter primarily specify?

The IS audit charter primarily specifies the role of the IS audit function within the organization. This is essential because it lays the foundation for the authority, independence, and responsibilities of the audit team. The charter defines how the audit function interacts with various stakeholders and establishes its purpose in evaluating and improving the effectiveness of governance, risk management, and control processes.

By clearly outlining the roles and responsibilities, the charter ensures that there is a shared understanding of the audit function's objectives, enabling it to operate effectively within the organizational structure. This clarity helps in maintaining the integrity and independence of the audit process, which is crucial for obtaining reliable and unbiased assessment results.

While the other options are relevant to the operational aspects of conducting audits, they do not capture the fundamental essence of what an IS audit charter is meant to establish. Plans for audit engagements, objectives and scope, and training plans are typically defined in policies and procedures stemming from the charter, rather than being core components of the charter itself.