Home > IT Blogs > IT Governance, Risk, and Compliance/

IT Governance, Risk, and Compliance:

External Audit

123
October 11, 2011  7:51 PM

Auditing Information Security Governance – Part VI



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, COBIT, Control Environment, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Primary drivers for ISG assurance planning is the verification of governance existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be obtained during engagement planning to...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 7, 2011  8:59 PM

Auditing Information Security Governance – Part V



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, COBIT, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

ISG audits normally have an organizational focus. ‘Organizational-based’ ISG audits and reviews examine deployed frameworks, managerial issues, and departmental activities. However, if during organizational-based planning the IT auditor discovers a governance framework is not deployed, the...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 4, 2011  8:14 PM

Auditing Information Security Governance – Part IV



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

To prevent expectation misinterpretation, the ISG engagement ‘terms of reference’ should minimally address engagement ambit, reporting lines, and IT audit authority. Specifically, ISG functional areas and issues definitions,...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

September 30, 2011  8:54 PM

Auditing Information Security Governance – Part III



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Reflective of ISACA standards and guidelines, the IT audit process should be replicated within for-profit and not-for-profit entities. Foundational assurance topics which should be considered from a management perspective are presented within the Information...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

September 27, 2011  8:19 PM

Auditing Information Security Governance – Part II



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Management is responsible for developing and deploying good security governance, which has been typically defined to include resilient protection regarding the IT infrastructure and related information systems supporting critical functions and business processes. Within the information security...

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

September 23, 2011  7:47 PM

Auditing Information Security Governance – Part I



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Governance supports stakeholder expectations related to management’s fiduciary responsibilities. Governance also reflects how an entity achieves its stated mission. Specifically, governance can be considered the program by which entities are directed and controlled.

  Bookmark and Share     0 Comments     RSS Feed     Email a friend

123