IT Audit plan management
The IT Audit plan is based on the audit objective: to test the design and operating
effectiveness of IT controls against the InFission IT controls framework. The InFission IT
organization has established an IT controls framework based on the COBIT standard,
which includes the following four domains:
Plan and Organize (PO): Provides direction to solution delivery (AI) and service delivery (DS)
Acquire and Implement (AI): Provides the solutions and passes them to be turned into services
Deliver and Support (DS): Receives the solutions and makes them usable for end users
Monitor and Evaluate (ME): Monitors all processes to ensure that the direction provided is being delivered to the organization
The IT Audit Director creates the annual IT Audit plan to assess the effectiveness
of the IT controls that mitigate the risks to the four domains that we just discussed.
The IT Audit team starts the audit by reviewing IT control documents, such as Annual
IT Goals, Information System Architecture, Organization Structure, and Budgets.
IT controls are tested to identify all violations of IT policies and procedures. For
example, IT management is notified of any non-compliance with IT development,
change management, and maintenance procedures that have occurred as IT solutions
are acquired and implemented.
IT auditors also review periodic end-user surveys to ensure that the IT services meet
the delivery and support goals in line with business priorities. The survey results
help determine if the IT costs are optimized, and if employees are able to use the
IT systems productively and safely, with adequate confidentiality, integrity, and
availability in place for information security.
Additionally, the IT Audit plan includes the assessment of monitoring controls. IT
controls managers continuously monitor and periodically evaluate certain IT
controls to detect problems before it is too late. For example, the IT Security Manager
monitors the user provisioning controls at the help desk that mitigate the risk of
unauthorized access to sensitive data and functions. The IT Director responsible
for ERP Applications monitors changes to configuration controls to track who changed
a key setup control, and when, what, and where it was changed.
 