April 13, 2012 8:19 PM
Posted by: Robert Davis
Change Control,
Change Management,
CMDB,
Configuration Management,
IAP,
Information Assets Protection,
Infrastructure,
IT Infrastructure,
ITIM,
Service Delivery,
Systems
Change management is the practice of ensuring all CI alterations are carried out in a planned and authorized manner. Change can occur for various reasons including response to business process needs, the availability and...
April 10, 2012 9:23 PM
Posted by: Robert Davis
Change Control,
CMDB,
Configuration Management,
IAP,
Information Assets Protection,
Infrastructure,
IT Infrastructure,
ITIM,
Service Delivery,
Systems
Enabling accommodation of essential configuration management requirements is the implementation and control of a database (commonly referred to as a Configuration Management Database (CMDB)) containing details regarding infrastructure elements that are utilized in IT services...
November 15, 2011 9:40 PM
Posted by: Robert Davis
Administrative Control,
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Control,
IAP,
Information Assets Protection,
Information Security Governance,
Internal Control,
ISG,
IT Audit
Control environment scanning to produce a viable IT audit plan should be considered fundamental to planning an IT audit. Primary consideration regarding the control environment's operating style is IT auditability. As with most audit situations, verifiability is...
November 11, 2011 9:08 PM
Posted by: Robert Davis
Administrative Control,
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Control,
IAP,
Information Assets Protection,
Information Security Governance,
Internal Control,
ISG,
IT Audit
Primary drivers for IAP audit planning are verifying safeguarding existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be...
November 8, 2011 8:45 PM
Posted by: Robert Davis
Administrative Control,
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Control,
IAP,
Information Assets Protection,
Information Security Governance,
Internal Control,
ISG,
IT Audit
Alternatively, IAP may be within the ambit of other IT audit areas. Under these circumstances, a ‘functional-based’, ‘application-based’, or ‘compliance-based’ examination may be appropriate. ...
November 4, 2011 8:23 PM
Posted by: Robert Davis
Administrative Control,
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Control,
IAP,
Information Assets Protection,
Information Security Governance,
Internal Control,
ISG,
IT Audit
Reflective of the COBIT "Ensure Systems Security" domain-process, IAP confidentiality and integrity are the primary information criteria, while availability, compliance, and reliability are considered secondary information criteria; even when other audit...
November 1, 2011 7:33 PM
Posted by: Robert Davis
Administrative Control,
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Control,
IAP,
Information Assets Protection,
Information Security Governance,
Internal Control,
ISG,
IT Audit
IAP audits normally have an operational focus addressing general controls. ‘Operational-based’ IAP audits examine audit area departmental personnel adherence to policies and procedures while simultaneously evaluating the economy, effectiveness and...
October 28, 2011 8:30 PM
Posted by: Robert Davis
Administrative Control,
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Control,
IAP,
Information Assets Protection,
Information Security Governance,
Internal Control,
ISG,
IT Audit
Usually, auditors with an ‘administrative control’ abstraction level agree that such controls might be examined for the purpose of recommending managerial improvements. However, they do not consider IT security auditable...
October 25, 2011 7:58 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
IAP,
Information Assets Protection,
Information Security Governance,
Internal Audit,
ISG,
IT Audit
Retrospectively, information security audits are a routine matter for internal auditors, but sometimes a controversial issue among external auditors. The controversy centers on the extent that IT...