Other compliance requirements may include project requirements, application
design requirements, internal policies, and more. All compliance requirements are
potentially subject to audits to ensure compliance verification. The audit process
provides the steps to perform this compliance verification.
A comprehensive architectural approach to auditing examines the existence and
adequacy of assessment and audit policy, standards, and procedures; various audit
perspectives; and the audit process and details of each phase.
8.5.1 Audit Perspective
Audit perspectives include:
- Audit performance
  - Internal audits
  - External audits
  - Operations
    - Automated audit logs via operating system (OS), network operating system (NOS), application, centralized log management, support for forensic analysis of activity (reconstruct actions and timeline)
- Subjects of an audit
  - People [activity | relationship audits]
    - For example, conflict of interest, separation of duties
  - Process
    - For example, financial accounting practices, technical operations procedures
  - Technology
    - For example, system logs
- Audit purpose
  - Compliance verification of:
    - External legislation and regulation
    - Internal policy
      - Technical, e.g., password, authentication
      - Process, e.g., accounting with regard to Sarbanes-Oxley
    - Stakeholder policy
    - Customer policy
      - Managed services
      - On-site management
      - On-site contracting
    - Operational SLAs
      - Internal operations
      - Customer operations
Compliance verification is part of the IA²F.
 