How to conduct an IT General Controls Audit for a Holdings & Investments Company and a Real Estate Company (Developers) using HP Servers, Windows 2008, Windows 2003 (backend) and Red Hat Operating Systems.
Software/Hardware used:
HP Servers, Windows 2008, Windows 2003 (backend) and Red Hat Operating Systems.
ASKED:
December 20, 2009 6:47 AM
UPDATED:
March 27, 2012 11:20 AM
The first step is to determine their controls and the standards to which the audit should be performed.
General controls typically start at the top with the policies set in place by the board. These should be expanded upon and enumerated in the company’s various policies and procedures. General controls include information security, change management, incident management, software policy, hardware policy, backup/recovery, information controls, physical security, privacy policies, HR practices and much more. Depending on the size of the organization, a thorough audit could take many months.
There are a few steps. First, determine what the controls are; then audit against the controls: is the company doing what it says it should? Finally, are the controls sufficient to meet the needs and/or requirements? You’ll need to take into consideration any regulations or required standards.
Check out http://www.ISACA.org for COBIT (the best IT controls framework in the world) as well as tons of info on how to perform an IT audit.
Oh yeah, the auditor should not be anyone with operational responsibility. One cannot audit what one does. If you don’t have the staff for this, Kevin is right… hire an outside expert.