IT Governance, Risk, and Compliance:

November, 2011


November 29, 2011  8:44 PM

Auditing Business Continuity and Disaster Recovery – Part IV

Robert Davis

Although often referred to as disaster recovery plans, controls to ensure service continuity should address the entire range of potential disruptions. These may include relatively minor interruptions, such as temporary power failures, as well as

November 25, 2011  8:41 PM

Auditing Business Continuity and Disaster Recovery – Part III

Robert Davis

As with a business continuity plan (BCP), a disaster recovery plan (DRP) contains the consistent actions to be undertaken prior to, during and after a disaster. A sound DRP is built from a comprehensive planning system, involving all of the entity’s business processes. Disaster recovery...


November 22, 2011  9:07 PM

Auditing Business Continuity and Disaster Recovery – Part II

Robert Davis

For most professionals, business continuity planning refers to the process for developing advance arrangements and procedures enabling an entity to respond to service interruptions in such a manner...


November 18, 2011  9:00 PM

Auditing Business Continuity and Disaster Recovery – Part I

Robert Davis

After a catastrophic incident or event, losing the capability to process, retrieve, and protect information maintained electronically can significantly affect an entity’s ability to accomplish its mission. For this reason, an entity should have: (1)


November 15, 2011  9:40 PM

Auditing Information Assets Protection – Part VIII

Robert Davis

Control environment scanning to produce a viable IT audit plan should be considered fundamental to planning an IT audit. Primary consideration regarding the control environment's operating style is IT auditability. As with most audit situations, verifiability is...


November 11, 2011  9:08 PM

Auditing Information Assets Protection – Part VII

Robert Davis

Primary drivers for IAP audit planning are verifying safeguarding existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be...


November 8, 2011  8:45 PM

Auditing Information Assets Protection – Part VI

Robert Davis

Alternatively, IAP may be within the ambit of other IT audit areas. Under these circumstances, a ‘functional-based’, ‘application-based’, or ‘compliance-based’ examination may be appropriate. ...


November 4, 2011  8:23 PM

Auditing Information Assets Protection – Part V

Robert Davis

Reflective of the COBIT "Ensure Systems Security" domain-process, IAP confidentiality and integrity are the primary information criteria, while availability, compliance, and reliability are considered secondary information criteria; even when other audit...


November 1, 2011  7:33 PM

Auditing Information Assets Protection – Part IV

Robert Davis

IAP audits normally have an operational focus addressing general controls. ‘Operational-based’ IAP audits examine audit area departmental personnel adherence to policies and procedures while simultaneously evaluating the economy, effectiveness and...

