IT Governance, Risk, and Compliance

Oct 4 2011   8:14PM GMT

Auditing Information Security Governance – Part IV

Robert Davis Robert Davis Profile: Robert Davis

To prevent expectation misinterpretation, the ISG engagement ‘terms of reference’ should minimally address engagement ambit, reporting lines, and IT audit authority. Specifically, ISG functional areas and issues definitions, identified ‘highest-organization-level’ issues reporting, as well as auditor information access rights should be clearly documented in the audit charter and/or engagement letter.

ISG can be an individual audit area examination or an auditable unit examination for every audit or review undertaken. During the IT audit planning process, all or segments of an entity’s deployed governance related frameworks may be selected as auditable units. Furthermore, ISG audits may cross divisional, functional, or departmental demarcations.

View Part I of the Auditing Information Security Governance series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: