IT Governance, Risk, and Compliance

Nov 1 2011   7:33PM GMT

Auditing Information Assets Protection – Part IV

Robert Davis Robert Davis Profile: Robert Davis

IAP audits normally have an operational focus addressing general controls. ‘Operational-based’ IAP audits examine audit area departmental personnel adherence to policies and procedures while simultaneously evaluating the economy, effectiveness and efficiency of assigned tasks; relative to the fore stated control group. Whereas, general IT controls can be classified to include organizational structures, hardware configurations, operating systems, physical facilities, development methodologies, change management, and operational continuity. However, if during ‘operational-based’ planning the IT auditor discovers an IAP framework is not deployed, the audit planner should consider utilizing the COBIT Deliver and Support-Ensure Systems Security framework domain process as a baseline for setting detail objectives.

View Part I of the Auditing Information Assets Protection series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: