Audit and Assurance

Topic Leaders

CSULA
Senior Auditor
Ultimate Consulting, Inc
Continuity NZ, Ltd
Director/Principal Consultant
This is a forum to collaborate on all topics related to IT audit and assurance. Examples include discussions on audit programs, sources of assurance, audit best practice, audit methodologies, audit charters, audit standards, the IT Assurance Framework (ITAF), audit news, etc.

List of Discussions

  • Similar to the responses already provided, it is mostly a collaborative effort - management typically provides the implementation dates that we review for reasonableness.  However, if the observation is rated high risk and remediation should be prioritized, ...

  • Hello @Khemraj Reetun , This may not be exactly what you need, as that would depend on what you have and what your scope is, but overall, I would start with ISACA audit programs for the following COBIT 5 sub processes. DSS05.04 (Manage user identity ...

  • @Arnise: nope, please share. "Marat: please, take a look at this: https://www.enisa.europa.eu/publications/dbn-severity/ (it works for me, accessed 08/12/19). ------------------------------ [Amedeo] [Maturo Senra] [CISA, CIPP/E, Lawyer] ---------- ...

  • Thank you for your comments, appreciate the feedback. ------------------------------ James (Jim) Horton Senior Manager IT Security Governance, Risk & Compliance ------------------------------

  • Dear Audit and Assurance: I'd like to share that the new audit reporting standards SAS 134, SAS 135, and SAS 136 are effective for audits ending on or after Dec 15, 2020. https://www.complianceweek.com/accounting-and-auditing/new-auditor-reporting-standards-what-has-changed/28119.article ...

  • Dear Folks, Appreciate your help. Thank you a lot for this great forum and high level communication. I have an automated reconciliation, where different files are downloaded. 1- File 1: from the  (simple file from market over the counter exchange 2. File ...

  • In Normal Circumstances any Card Holder Data is protected by PCI-DSS controls. Should similar controls be applicable to PLCC? If not, what are minimum controls that are expected to be implemented? 1. Encryption at rest and during transit? 2. Tokenization? ...