IT Governance, Risk, and Compliance

Oct 14 2011   8:48PM GMT

Auditing Information Security Governance – Part VII

Robert Davis Robert Davis Profile: Robert Davis

An IT auditor should include in the audit ambit relevant processes for planning, organizing, and monitoring information security activities. Furthermore, the audit ambit should include control systems for the use and protection of the full range of COBIT framework IT resources. Specifically, people, information, applications, and infrastructure are the IT resources that should be addressed within the ISG audit ambit’s control systems.

Critical for a viable ISG audit plan is the IT audit function’s organizational status. Thus, internal IT audit organizational status may become a factor in determining whether to proceed with an ISG audit or review. For instance, management may consider it inappropriate to grant internal IT auditors access to high-level business documents. Accordingly, organizational status may require hiring an independent third party to manage and perform the ISG audit or review.

View Part I of the Auditing Information Security Governance series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: