Why perform IT audit?
The objective of an IT audit is to assess the adequacy of the controls in place to safeguard the informational assets.
In other words, to review the level of IT risks, controls and exposure. My simple equation is: -
IT Risk – IT Control = IT Exposure
Therefore, an IT auditor needs to assess the level of IT risks and controls that exist in order to determine whether there is any exposure.
IT Risks
There are many ways to classify the IT risks.
In other words, to review the level of IT risks, controls and exposure. My simple equation is: -
IT Risk – IT Control = IT Exposure
Therefore, an IT auditor needs to assess the level of IT risks and controls that exist in order to determine whether there is any exposure.
IT Risks
There are many ways to classify the IT risks.
One of the methods is: -
1.Strategic Risk
2.Compliance Risk
3.System Support Risk
4.Operational Risk
5.Security Risk
6.Business Resumption Risk
7.System Support Risk
8.Reputation Risk
Another way is: -
1.Infrastructure Risk
2.Availability Risk
3.Integrity Risk
4.Access Risk
5.Relevance Risk
I will write more about the risks in another post.
Labels: IT Audit
posted by man at 6:46 PM
0 Comments:
Post a Comment
<< Home