Audit and Assurance

Expand all | Collapse all

Audit Program for Small Business

  • 1.  Audit Program for Small Business

    Posted 04 Feb, 2020 03:17
    Hi all
    I am searching a good Audit Programm for Small Business Companys. All i find is to much. I thing the most 40 questions.
    I looked at NIST but it is to much for a small company.

    Have you got any ideas ?

    Best regards
    Patrick

    ------------------------------
    Patrick Schmid
    CISA
    ------------------------------


  • 2.  RE: Audit Program for Small Business

    Posted 04 Feb, 2020 04:37
    Small or big .... the control structure remains same but complexity is less. Use the standards questionnaire of NIST or ISO 27K and prepare a controls to be tested.

    ------------------------------
    Sunil Bakshi
    Consultant
    ------------------------------



  • 3.  RE: Audit Program for Small Business

    Posted 04 Feb, 2020 20:06
    Hi Patrick

    I suggest you customize your audit program  based on your audit objectives.  Is your focus the network  databases, or financial reporting systems?

    ------------------------------
    Sal Rodriguez
    Director of Internal Audit
    CISA, CIA, CRMA, CCSA, CGAP, CICA, MBA, MS
    ------------------------------



  • 4.  RE: Audit Program for Small Business

    Posted 05 Feb, 2020 00:53
    Hi Salvador
    The focus is analyse the Company, like a Risk analyse. I like to have a Excel with around 40 questions to have a Small Audit. The target is to show the most IT Risks in a small Company.  Like have all systems a good patch level. Or is the Backup ok ... so questions like that. I hope you understand what i mean.

    ------------------------------
    Patrick Schmid
    CEO
    ------------------------------



  • 5.  RE: Audit Program for Small Business

    Posted 05 Feb, 2020 07:54
    ​The NIST 800 series can be overwhelming at times, did you look at the Small Business Cybersecurity Corner?



    ------------------------------
    Jack Tinker
    Sr Information Systems Auditor
    ------------------------------