IT Policies
Policies are highlevel documents which represent the corporate philoshopy of an organization. For policies to be effective, it must be clear and concise.
Manage should review all policies periodically. Policies need to be updated to reflect new technology and significant changes in business processes. Policies formulated must enable the achievement of business objectives and controls implementation.
IS auditors should reach an understanding of policies as part of the audit process and should test these for compliance. Controls should flow from the policies and the IS auditors should use policies as a benchmarking for evaluating compliance. If policies hinder the achievement of business objectives, these must be reported for improvement.
Manage should review all policies periodically. Policies need to be updated to reflect new technology and significant changes in business processes. Policies formulated must enable the achievement of business objectives and controls implementation.
IS auditors should reach an understanding of policies as part of the audit process and should test these for compliance. Controls should flow from the policies and the IS auditors should use policies as a benchmarking for evaluating compliance. If policies hinder the achievement of business objectives, these must be reported for improvement.
Labels: management, policy
posted by man at 5:42 PM
0 Comments:
Post a Comment
<< Home