Information Technology Reference
In-Depth Information
security audits are real-time and security auditing is a continuous activity. This topic will
be analysed in more detail in chapter 7.
System Deployment Audit
IS auditors are often required to get involved when systems are being developed and im-
plemented. This is to ensure that the systems being deployed have all the required security
and IT controls included as specified in the system specification. It is common to find de-
velopers or integrators missing out one or more features on a new system even when such
features are in the specifications. In order to avoid such costly mistakes, it is important that
auditors are involved when new systems are being deployed in the enterprise. IS auditors
should also be involved when major changes are being made to business systems.
The IS auditor, in order to maintain independence, may be required not to get involved in
the actual design of the system but to only review implementation and ensure that the de-
velopment team is complying with user and system requirements. This topic will be con-
sidered in more detail in chapter 8.
Business Continuity Audit
Business continuity and disaster recovery audit is the review of the enterprise's prepared-
ness in the event of a disaster or incident impacting on the operations of the enterprise.
Business continuity and disaster recovery can also be reviewed when carrying out an in-
formation security audit. The audit on business continuity focuses on policies, plans, imple-
mentation, and monitoring of business continuity and disaster recovery plans. In this topic,
we will make a comprehensive review of disaster recovery in chapter 9.
IT Performance Audit
IT performance audits require the use of appropriate IT metrics as tools for assessing per-
formance of the IT function and infrastructure in the enterprise. Regular audits of how the
IT function and infrastructure is performing enables management to determine how IT is
contributing to the success of the enterprise and how IT goals are being achieved. IT ser-
vice delivery is one of the key activities which can be used to assess performance of the IT
function and supporting systems. IT performance audits also can be used to complement
assessment of investment in IT infrastructure.
IS auditors are required to perform IT performance audits in order to determine areas of im-
provement in IT service delivery and also look for evidence on how IT services are impact-
ing the overall performance of the enterprise. A compliance review can also be performed
within an IT performance audit in order to assess compliance with established performance
metrics.
Search WWH ::
Custom Search