Monday, November 26, 2007

Strategy for IT Audit planning

In planning for an IT audit, the first step is to determine the audit universe, i.e. all areas that are under the responsibility of the CIO (Chief Information Officer).

The audit universe can be determined from the:
  • organisation structure,
  • COBIT 34 IT processes or
  • subject e.g. Datawarehouse.
Using 34 COBIT IT processes as audit universe
If you are using the 34 IT processes as the audit universe, assess the maturity of all 34 IT processes (in COBIT) and rank the maturity of each IT process on a scale of 0-5.

Also assess the business impact of a process failure and the likelihood of that failure. Areas which have high business impact and a high likelihood of failure (based on previous history) should be given more attention.

Alternatively, you can link the audit universe to the 34 COBIT IT processes. For example, an "IT Budget audit" can be linked to PO5, Manage the IT Investment.

What to audit first?

Audit the “IT Risk Management” process first, using either:

- COBIT Assurance Guide: PO9 “Assess and Manage IT Risk”

- FFIEC “Management” Handbook, IT Risk Management Process

Also audit “IT Governance” using ISACA Guidelines.

‘To be continued’
