IT Governance, Risk, and Compliance

Feb 24 2012   8:57PM GMT

Auditing IT Governance – Part V

Robert Davis Robert Davis Profile: Robert Davis

Primary drivers for IT governance audit planning are verifying governance existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be obtained during engagement planning to comply with ISACA IT audit standards and guidelines.

Theoretically, the control environment (CE) epitomizes management’s attitude, awareness, and actions. Integrity and ethical values, commitment to competence, management’s philosophy and operating style, organisational structure, responsibility and authority assignment, human resource policies and practices, budget formulation and execution, as well as control methods over compliance with laws and regulations are representative CE characteristics. The IT department, normally, is an entity’s subdivision; therefore, the entity’s CE should be replicated within the IT CE.

View Part I of the Auditing IT Governance series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: