IT Governance, Risk, and Compliance

Dec 13 2011   9:15PM GMT

Auditing Business Continuity and Disaster Recovery – Part VIII

Robert Davis

An IT auditor should perform a preliminary control environment (CE) assessment corresponding to the audit area being examined to enable reasonable assurance that all significant items will be adequately addressed during the IT audit process.

Audit evidence for CE elements may not be available in documentary form. Particularly in smaller entities, communication between management and other personnel may be informal, yet effective. For example, management’s commitment to ethical values and competence is often implemented through the behavior and attitude management demonstrates in running the entity’s business rather than through a written code of conduct. Consequently, management’s attitudes, awareness and actions are of particular importance in the design of a smaller entity’s CE. In addition, the role of those charged with governance is often undertaken by the owner/manager, especially where there are no other equivalent personnel within the entity.

View Part I of the Auditing Business Continuity and Disaster Recovery series here
