October 11, 2011 7:51 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
COBIT,
Control Environment,
External Audit,
Information Security Governance,
Internal Audit,
ISG,
IT AuditPrimary drivers for ISG assurance planning is the verification of governance existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be obtained during engagement planning to...
October 7, 2011 8:59 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
COBIT,
External Audit,
Information Security Governance,
Internal Audit,
ISG,
IT AuditISG audits normally have an organizational focus. ‘Organizational-based’ ISG audits and reviews examine deployed frameworks, managerial issues, and departmental activities. However, if during organizational-based planning the IT auditor discovers a governance framework is not deployed, the...
October 4, 2011 8:14 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Information Security Governance,
Internal Audit,
ISG,
IT AuditTo prevent expectation misinterpretation, the ISG engagement ‘terms of reference’ should minimally address engagement ambit, reporting lines, and IT audit authority. Specifically, ISG functional areas and issues definitions,...
September 30, 2011 8:54 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Information Security Governance,
Internal Audit,
ISG,
IT AuditReflective of ISACA standards and guidelines, the IT audit process should be replicated within for-profit and not-for-profit entities. Foundational assurance topics which should be considered from a management perspective are presented within the Information...
September 27, 2011 8:19 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Information Security Governance,
Internal Audit,
ISG,
IT AuditManagement is responsible for developing and deploying good security governance, which has been typically defined to include resilient protection regarding the IT infrastructure and related information systems supporting critical functions and business processes. Within the information security...
September 23, 2011 7:47 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Information Security Governance,
Internal Audit,
ISG,
IT AuditGovernance supports stakeholder expectations related to management’s fiduciary responsibilities. Governance also reflects how an entity achieves its stated mission. Specifically, governance can be considered the program by which entities are directed and controlled.
April 5, 2010 5:57 PM
Posted by: Robert Davis
Assurance Service,
Attestation,
Audit Report,
Evidence,
Follow-up Procedures,
IT AuditFollow-up activities are essential to enabling continuous improvement in IT governance. IT audit must ensure follow-up activities are completed in a timely manner to reduce the cited risks to the entity’s operations. Nevertheless, management must...
April 1, 2010 6:56 PM
Posted by: Robert Davis
AICPA,
American Institute of Certified Public Accountants,
Assurance Service,
Attestation,
Audit Committee,
Audit Report,
Evidence,
Follow-up Procedures,
IFAC,
Information Systems Audit and Control Association,
International Federation of Accountants,
ISACA,
IT Audit,
Project Management,
The IIA,
The IIC,
The Institute for Internal Controls,
The Institute of Internal AuditorsA report on the status of follow-up activities, including agreed-upon recommendations not implemented, should be presented to the audit committee, if one has been established, or alternatively to the most
March 29, 2010 6:00 PM
Posted by: Robert Davis
Accounting Principles,
AICPA,
Assurance Service,
Attestation,
Audit Report,
Evidence,
Follow-up Procedures,
IFAC,
Information Systems Audit and Control Association,
Institute of Certified Public Accountants,
International Federation of Accountants,
ISACA,
IT Audit,
Project Management,
The IIA,
The IIC,
The Institute for Internal Controls,
The Institute of Internal AuditorsControl follow-up are activities pursued when an exception condition is identified and reported as presenting a risk to the entity. As a part of the follow-up activities, the...
