IT Governance, Risk, and Compliance

Jan 31 2012   8:41PM GMT

Auditing IT Service Delivery and Support – Part VI

Robert Davis Robert Davis Profile: Robert Davis

Ordinarily, an IT auditor obtains relevant CE audit evidence through a combination of inquiries and other risk assessment procedures. For example, through management and employee inquiries, an IT auditor may obtain an understanding of how management communicates its views to employees regarding acceptable practices and ethical behavior. Thereafter, an IT auditor should determine whether controls have been implemented by analyzing: whether management has established a formal code of conduct and whether it acts in a manner that supports the code of conduct or condones violations of, or authorizes exceptions to, the code of conduct.

View Part I of the Auditing IT Service Delivery and Support series here

Post Note: As of January 12, 2012, Robert E. Davis, MBA, CISA, CICA is a Master of Science in IT Auditing and Cyber-Security Program instructor at Temple University.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: