IT Governance, Risk, and Compliance

Nov 4 2011   8:23PM GMT

Auditing Information Assets Protection – Part V

Robert Davis

Reflecting the COBIT “Ensure Systems Security” domain-process, confidentiality and integrity are the primary information criteria for IAP, while availability, compliance, and reliability are considered secondary information criteria, even when other audit measurement standards are included within the audit ambit. For instance, information privacy may be within the IAP audit ambit and considered a material or significant auditable unit. However, compliance and effectiveness, the primary information criteria for privacy, should still remain secondary for the IAP audit if other distinct auditable units are identified.

Similar to IT Governance assurance services, IAP can be examined as an individual audit area or as an auditable unit within every IT function audit undertaken. During the IT audit planning process, all or segments of an entity’s deployed IAP-related frameworks may be selected as auditable units. Furthermore, IAP audits may cross geographical, divisional, functional, or departmental demarcations.

View Part I of the Auditing Information Assets Protection series here
