IT Governance, Risk, and Compliance:

IT Audit


November 18, 2011  9:00 PM

Auditing Business Continuity and Disaster Recovery – Part I



Posted by: Robert Davis
BCP, Business Continuity, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Crisis Management, Disaster Recovery, DRP, IT Audit

After a catastrophic incident or event, losing the capability to process, retrieve, and protect information maintained electronically can significantly affect an entity’s ability to accomplish its mission. For this reason, an entity should have: (1)

November 15, 2011  9:40 PM

Auditing Information Assets Protection – Part VIII



Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit

Control environment scanning to produce a viable IT audit plan should be considered fundamental to planning an IT audit. Primary consideration regarding the control environment's operating style is IT auditability. As with most audit situations, verifiability is...


November 11, 2011  9:08 PM

Auditing Information Assets Protection – Part VII



Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit

Primary drivers for IAP audit planning are verifying safeguarding existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be...


November 8, 2011  8:45 PM

Auditing Information Assets Protection – Part VI



Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit

Alternatively, IAP may be within the ambit of other IT audit areas. Under these circumstances, a ‘functional-based’, ‘application-based’, or ‘compliance-based’ examination may be appropriate. ...


November 4, 2011  8:23 PM

Auditing Information Assets Protection – Part V



Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit

Reflective of the COBIT "Ensure Systems Security" domain-process, IAP confidentiality and integrity are the primary information criteria, while availability, compliance, and reliability are considered secondary information criteria; even when other audit...


November 1, 2011  7:33 PM

Auditing Information Assets Protection – Part IV



Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit

IAP audits normally have an operational focus addressing general controls. ‘Operational-based’ IAP audits examine audit area departmental personnel adherence to policies and procedures while simultaneously evaluating the economy, effectiveness and...


October 28, 2011  8:30 PM

Auditing Information Assets Protection – Part III



Posted by: Robert Davis
Administrative Control, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Control, IAP, Information Assets Protection, Information Security Governance, Internal Control, ISG, IT Audit

Usually, auditors with an ‘administrative control’ abstraction level agree that such controls might be examined for the purpose of recommending managerial improvements. However, they do not consider IT security auditable...


October 25, 2011  7:58 PM

Auditing Information Assets Protection – Part II



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, IAP, Information Assets Protection, Information Security Governance, Internal Audit, ISG, IT Audit

Retrospectively, information security audits are a routine matter for internal auditors, but sometimes a controversial issue among external auditors. The controversy centers on the extent that IT...


October 21, 2011  8:29 PM

Auditing Information Assets Protection – Part I



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, IAP, Information Assets Protection, Information Security Governance, Internal Audit, ISG, IT Audit

Failure of an entity to take proper safeguarding precautions can lead to major operational problems and substantial asset loss. Incidents recorded throughout the world continuously reiterate that entities should not ignore information assets protection (IAP) risks and the need for processes to


October 18, 2011  8:16 PM

Auditing Information Security Governance – Part VIII



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, COBIT, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Evaluating IT solutions with the adequate level of IT security controls over IT resources requires a detailed understanding of principles and practices. Regarding audit staffing, potential ISG engagement members should have the appropriate seniority and proficiency. Generally, when...

