IT Governance, Risk, and Compliance:

December, 2011

1

December 30, 2011  9:55 PM

Auditing Systems and Infrastructure Life Cycle Management – Part V

Robert Davis Robert Davis Profile: Robert Davis

Entities may partially or fully delegate some or all of its IT asset development to a third party processor (TPP). Whereby, IT resources that may be outsourced include: infrastructure, platforms, and applications. Usually, the responsibility for...

December 27, 2011  9:38 PM

Auditing Systems and Infrastructure Life Cycle Management – Part IV

Robert Davis Robert Davis Profile: Robert Davis

‘Application-based’ implementation audits assess any or all parts of the deployment process of a project. The IT auditor should assess relevant SDLC stages, as they are occurring, to highlight risks or issues and provide necessary risk mitigation recommendations to the...


December 23, 2011  8:48 PM

Auditing Systems and Infrastructure Life Cycle Management – Part III

Robert Davis Robert Davis Profile: Robert Davis

Categorically, ‘Application-based’ pre-acquisition audits assess a system prior to obtaining usage rights considering such matters as: software requirements, vendor bidding, and system selection. Specifically, pre-acquisition assurance service coverage includes effects on IT...


December 20, 2011  8:54 PM

Auditing Systems and Infrastructure Life Cycle Management – Part II

Robert Davis Robert Davis Profile: Robert Davis

SILCM audits normally have a functional focus. ‘Functional-based’ SILCM audits examine identified processes as auditable units. However, if during ‘functional-based’ planning the IT auditor...


December 16, 2011  9:54 PM

Auditing Systems and Infrastructure Life Cycle Management – Part I

Robert Davis Robert Davis Profile: Robert Davis

There is general agreement that IT auditor involvement in systems and infrastructure development life cycle (SIDLC) projects would aid in ensuring IT architecture items work properly and include adequate controls. However, there is less agreement as to role IT auditors should play in the SIDLC. ...


December 13, 2011  9:15 PM

Auditing Business Continuity and Disaster Recovery – Part VIII

Robert Davis Robert Davis Profile: Robert Davis

An IT auditor should perform a preliminary control environment (CE) assessment corresponding to the audit area being examined to enable reasonable assurance that all significant items will be adequately addressed during the


December 9, 2011  10:39 PM

Auditing Business Continuity and Disaster Recovery – Part VII

Robert Davis Robert Davis Profile: Robert Davis

Primary drivers for organizational continuity assurance service planning are: verifying continuity plan existence and assessing continuity plan adequacy. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be obtained...


December 6, 2011  8:32 PM

Auditing Business Continuity and Disaster Recovery – Part VI

Robert Davis Robert Davis Profile: Robert Davis

BCP audits normally have an organizational focus. ‘Organizational-based’ BCP audits examine deployed frameworks, managerial issues, and departmental activities. However, if during...


December 2, 2011  8:53 PM

Auditing Business Continuity and Disaster Recovery – Part V

Robert Davis Robert Davis Profile: Robert Davis

The IT auditor’s primary purpose, when performing an audit of business continuity and/or disaster recovery, should be to identify, document, test, evaluate, and report the controls as well as the associated risks related to


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: