IT Governance, Risk, and Compliance

Nov 1 2011   7:33PM GMT

Auditing Information Assets Protection – Part IV

Posted by: Robert Davis
Administrative Control
Certified Information Systems Auditor
Certified Information Technology Professional
Certified Internal Auditor
Certified Internal Controls Auditor
Certified Public Accountant
External Control
Information Assets Protection
Information Security Governance
Internal Control
IT Audit

IAP audits normally have an operational focus addressing general controls. ‘Operational-based’ IAP audits examine audit area departmental personnel adherence to policies and procedures while simultaneously evaluating the economy, effectiveness and efficiency of assigned tasks; relative to the fore stated control group. Whereas, general IT controls can be classified to include organizational structures, hardware configurations, operating systems, physical facilities, development methodologies, change management, and operational continuity. However, if during ‘operational-based’ planning the IT auditor discovers an IAP framework is not deployed, the audit planner should consider utilizing the COBIT Deliver and Support-Ensure Systems Security framework domain process as a baseline for setting detail objectives.

View Part I of the Auditing Information Assets Protection series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: