Home > IT Blogs > IT Governance, Risk, and Compliance/

IT Governance, Risk, and Compliance:

October, 2011

1
October 28, 2011  8:30 PM

Auditing Information Assets Protection – Part III



Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit

Usually, auditors with an ‘administrative control’ abstraction level agree that such controls might be examined for the purpose of recommending managerial improvements. However, they do not consider IT security auditable...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 25, 2011  7:58 PM

Auditing Information Assets Protection – Part II



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, IAP, Information Assets Protection, Information Security Governance, Internal Audit, ISG, IT Audit

Retrospectively, information security audits are a routine matter for internal auditors, but sometimes a controversial issue among external auditors. The controversy centers on the extent that IT...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 21, 2011  8:29 PM

Auditing Information Assets Protection – Part I



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, IAP, Information Assets Protection, Information Security Governance, Internal Audit, ISG, IT Audit

Failure of an entity to take proper safeguarding precautions can lead to major operational problems and substantial asset loss. Incidents recorded throughout the world continuously reiterate that entities should not ignore information assets protection (IAP) risks and the need for processes to

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 18, 2011  8:16 PM

Auditing Information Security Governance – Part VIII



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, COBIT, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Evaluating IT solutions with the adequate level of IT security controls over IT resources requires a detailed principles and practices understanding. Regarding audit staffing, potential ISG engagement members should have the appropriate seniority and proficiency. Generally, when...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 14, 2011  8:48 PM

Auditing Information Security Governance – Part VII



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, COBIT, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

An IT auditor should include in the audit ambit relevant processes for planning, organizing, and monitoring information security activities. Furthermore, the audit ambit should include control systems for the use and protection of the full range...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 11, 2011  7:51 PM

Auditing Information Security Governance – Part VI



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, COBIT, Control Environment, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Primary drivers for ISG assurance planning is the verification of governance existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be obtained during engagement planning to...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 7, 2011  8:59 PM

Auditing Information Security Governance – Part V



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, COBIT, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

ISG audits normally have an organizational focus. ‘Organizational-based’ ISG audits and reviews examine deployed frameworks, managerial issues, and departmental activities. However, if during organizational-based planning the IT auditor discovers a governance framework is not deployed, the...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 4, 2011  8:14 PM

Auditing Information Security Governance – Part IV



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

To prevent expectation misinterpretation, the ISG engagement ‘terms of reference’ should minimally address engagement ambit, reporting lines, and IT audit authority. Specifically, ISG functional areas and issues definitions,...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

1