SILCM audits normally have a functional focus. ‘Functional-based’ SILCM audits examine identified processes as auditable units. However, if during ‘functional-based’ planning the IT auditor discovers a SILCM related framework is not deployed, the audit planner should consider utilizing the COBIT framework domain processes as a baseline for setting objectives. Typically, for SILCM assurance services, effectiveness and efficiency are the primary information criteria; while integrity, availability, compliance, and reliability should be considered secondary information criteria, even when other audit measurement standards are included within the audit ambit.
“View Part I of the Auditing Systems and Infrastructure Life Cycle Management series here“