Register

Forgot Password

Site FAQ

Home > IT Answers > Linux > How to conduct an IT General Controls Audit f...

PankajR

5 pts.

How to conduct an IT General Controls Audit for a Holdings & Investments Company and a Real Estate Company (Developers)

Red Hat, IT auditing, IT audits, Controls Audit, Windows Server 2003, Windows Server 2008

How to conduct an IT General Controls Audit for a Holdings & Investments Company and a Real Estate Company (Developers) using HP Servers, Windows 2008, windows 2003 (backend) and Red Hat Operating Systems.

Software/Hardware used:
HP Servers, Windows 2008, windows 2003 (backend) and Red Hat Operating Systems.

ASKED: Dec 20, 2009 6:47 AM GMT

RELATED QUESTIONS

KevinBeaver

9,195 pts.

Answer Wiki:

How do you mean? Sounds like hiring an outside expert would be your best bet.

Last Wiki Answer Submitted: Dec 22, 2009 3:17 PM (GMT) by KevinBeaver

9,195 pts.

To see other answers submitted to the Answer Wiki View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Cybernorris

50 pts. | Jan 11, 2010 6:34 PM (GMT)

The first step is to determine their controls and the standards to which the audit should be performed.

General controls typically start at the top with the policies set in place by the board. These should be expanded upon and enumerated in the company’s various policies and procedures. General controls includes information security, change management, incident management, software policy, hardware policy, backup/recovery, information controls, physical security, privacy policies, HR practices and much more. Depending on the size of the organization, a thorough audit could take many months.

There are a few steps. First determine what the controls are, then audit against the controls… is the company doing what it says it should. Finally are the controls sufficient to meet the needs and/or requirements. You’ll need to take into consideration any regulations or required standards

Check out www.ISACA.org for COBIT (the best IT controls framework in the world) as well as tons of info on how to perform an IT audit.

Oh yeah, the auditor should not be anyone with operational responsibility. One cannot audit what one does. If you don’t have the staff for this, Kevin is right… hire an outside expert.

Ask a Question

Browse IT Answers by Topic

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2010, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags