IT Governance, Risk, and Compliance

Oct 11 2011   7:51PM GMT

Auditing Information Security Governance – Part VI

Robert Davis

The primary drivers for ISG assurance planning are the verification of governance existence, adequacy, and risk management. However, as with standard IT audits, a general understanding of the control environment, information systems, and control procedures should be obtained during engagement planning to comply with ISACA IT audit standards and guidelines.

Theoretically, the control environment (CE) epitomizes management’s attitude, awareness, and actions. Demonstratively, integrity and ethical values, commitment to competence, management’s philosophy and operating style, organizational structure, responsibility and authority assignment, human resource policies and practices, budget formulation and execution, as well as control methods over compliance with laws and regulations are representative CE characteristics. Within this context, the adopted information security program is normally an entity sub-divisional control system. Therefore, the entity’s CE should be replicated within the information security CE.

View Part I of the Auditing Information Security Governance series here
