IT Governance, Risk, and Compliance

Oct 18 2011   8:16PM GMT

Auditing Information Security Governance – Part VIII

Robert Davis Robert Davis Profile: Robert Davis

Evaluating IT solutions with the adequate level of IT security controls over IT resources requires a detailed principles and practices understanding. Regarding audit staffing, potential ISG engagement members should have the appropriate seniority and proficiency. Generally, when ISG audit objectives involve a wide range of information system functions, assigned audit personnel should have extensive organizational knowledge and related processes understanding. These audit personnel criteria can be satisfied through a combination of formal education, relevant certification and/or professional experience.

If after evaluating potential in-house audit engagement candidates, audit management determines the IT audit function does not have the required skill set, professional service outsourcing may be considered to enable an ISG audit or review. For example, IT audit staff members may not have the appropriate business, technical, and/or framework knowledge to adequately perform a scheduled ISG audit in a timely manner. Hence, audit management may consider ISG audit outsourcing to complete the scheduled engagement.

View Part I of the Auditing Information Security Governance series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: