Audit and Assurance

This is a forum to collaborate on all topics related to IT audit and assurance.  Examples includes discussions on audit programs, sources of assurance, audit best practice, audit methodologies, audit charters, audit standards, the IT Assurance Framework (ITAF), audit news etc.

Topic Leaders

CSULA
Senior Auditor
Ultimate Consulting, Inc
Continuity NZ, Ltd
Director/Principal Consultant

List of Discussions

  • If you are looking for an audit program, please try the following: Look in the "usual" places – see "Audit Programs" https://www.isaca.org/Journal/archives/2017/Volume-4/Pages/audit-programs.aspx Search in the library attached to this forum. ...

    3 people like this.
  • @Jose Gutierrez Figueroa , Well then the the answer is "it depends" e.g. who else has access to this password? How complex is it etc?  But in my opinion 100 days is too long - the user should be forced to change it as soon as they log on. Have members ...

  • @Oluwaseyi Owolabi , I'm afraid I don't know of an audit program for this, however, ISACA's eBusiness Suite one may be of help http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Security-Audit-and-Control-Features-Oracle-E-Business-Suite-3rdEdition.aspx ...

  • @Agueda Monteiro Tavares , Besides the good answer provided by @Thomas Miller also review ISACA IT Continuity Audit Program which, if memory serves, covers this  http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/IT-Continuity-Planning-Audit-Assurance-Program.aspx​​ ...

  • @Khaled Jannoune , Can you be more specific please?  Are there particular items on the matrix you would like to discuss? Best Regards, Ian​​ ------------------------------ Ian Cooke Audit & Assurance Topic Leader ISACA Journal Columnist --------- ...

  • Thank you, @Ian Cooke . I had printed out the referenced story shortly after submitting my comment!  ​​ ------------------------------ Henry Bottjer Lead IT Auditor ------------------------------

  • Thank you Igor ------Original Message------ Evans it looks like you need to consider doing an IT asset management audit carving out only the hardware component of it. add to it NIST 800-53 controls around maintenance, and I think that should be all ...

Latest Shared Files