Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit
Usually, auditors with an ‘administrative control’ abstraction level agree that such controls might be examined for the purpose of recommending managerial improvements. However, they do not consider IT security auditable unit examinations beyond access controls necessary for the purpose of formulating an opinion on financial statements. Contrary to this ‘administrative control’ belief, when an IT security examination encompassing all aspects of IAP is performed as part of the financial statement audit, an IT security related assessment is a comprehensive effort to evaluate the controls over, as well as reliability and integrity of, reported financial data.
“View Part I of the Auditing Information Assets Protection series here“