1. IT Audit Checklists covering a variety of subjects.
http://www.itcinstitute.com/display.aspx?id=2499
2. White Paper Library by Category - excellent.
http://www.itcinstitute.com/wp/WPallactive.aspx
3. ComplianceNOW - archives of past issues.
http://www.itcinstitute.com/complianceNOW.aspx#
4. Expert Q&A - Auditor Answers - covering numerous queries.
http://www.itcinstitute.com/features.aspx?sid=15
5. ITCI's home page - the entry point to extensive guidance & knowledge.
http://www.itcinstitute.com/
Enjoy.
HAGD.
Dan
________________________________________________________
New IT Audit Checklist: Change Management
The IT Audit Checklist for Change Management includes:
187 specific checklist items to help assess your internal audit readiness
Controls derived from prominent standards/frameworks including ITIL, CobiT, and NIST
Pointers on audit planning, preparation, testing, and reporting
Clarification on what auditors want (and don't want) to see
What Is This Paper About? This paper, "IT Audit Checklist: Change Management," supports an internal audit of the organization's change management policies in order to verify compliance and look for opportunities to improve efficiency, effectiveness, and economy.
The paper includes advice on assessing the existence and effectiveness of change management in project oversight, development, procurement, IT service testing, and IT operations; guidance for management and auditors on supporting change management; and information on ensuring continual improvement of change management efforts.
(Requires brief registration for non-members)
____________________________
Also in the IT Audit Checklist Series
IT Audit Checklist: Payment Card Industry (PCI)
Advice on assessing the robustness of PCI controls, recommendations for avoiding common PCI compliance failures, and information on ensuring continual improvement of IT security efforts. Includes 54 specific checklist items.
(requires brief registration for non-members)
IT Audit Checklist: Information Security
Supports an internal audit of the organization's information security program with guidance on improving information security programs and processes. Includes 228 specific checklist items.
(requires brief registration for non-members)
IT Audit Checklist: IT Governance and Strategy
Guidance on assessing the completeness, effectiveness, and sustainability of existing IT governance and strategy. Includes 74 specific checklist items.
(requires brief registration for non-members)
IT Audit Checklist: Risk Management
Advice on the necessary preparation, planning, and communication strategies involved in a successful risk-management audit. Includes 80 specific checklist items.
(requires brief registration for non-members)
_______________________________
Some examples of past auditor answers Q&A columns.
__________________________________________________________
Auditor Answers: Performing Post Mortems on Problem Events 1.9 The best-laid plans of mice and men go under the microscope when unexpected events put business continuity management to the test. Our expert auditor offers inside advice on what comprises a successful incident post mortem: when it should happen, who should participate, and what it should produce in the end.
How to Disagree with Auditors: An Auditor’s Guide 12.5 If you’re responsible for compliance, chances are you occasionally disagree with auditor findings. This week, certified internal auditor and certified information systems auditor Dan Swanson offers inside advice on how to successfully change your auditor’s mind and prevent future conflicts.
Auditor Answers: Third-Party Software Responsibilities 11.7 A reader asks the auditor about the free accounting software his company downloaded from the bank's Web site. Does compliance responsibility for provided software end at the EULA? The answer might be more complex than you think.
Auditor Answers: Maintaining Compliance in Home Offices 9.5 Out of sight can’t mean out of mind, when it comes to upholding policies and procedures in the home offices of your workers. What should companies do to maintain compliance standards across a distributed workforce?
Auditor Answers: What Should Your Business Continuity Efforts Focus On? 8.1 Auditor Answers responds to real questions submitted by real readers. This week, the auditor looks at how to preserve business functions in the face of natural disasters and staff decimation.
Auditor Answers: Software for Expediting Regulatory Audits 7.5 Auditor Answers responds to real questions submitted by real readers. This week, certified internal auditor and certified information systems auditor Dan Swanson addresses the types, uses, and sources of audit-related software.
Ask the Auditor: Who is Responsible for Information Security? 6.6 Our new column, “Ask the Auditor,” answers real questions submitted by real readers. This week, certified internal auditor and certified information systems auditor Dan Swanson answers the question of who is responsible for information security.
Q&A: Stopping Blended Threats with Multi-function Security Appliances 5.16 Small and medium-size businesses, and satellite offices, are increasingly adopting multi-function security appliances that provide antivirus and firewall support, as well as intrusion, spyware, and adware detection. Could a switch to a comprehensive security appliance save your company time, trouble, and money?
Ask the Auditor: Business Risk vs. Audit Risk 5.2 Our new column, “Ask the Auditor,” answers real questions submitted by real readers. This week, certified internal auditor and certified information systems auditor Dan Swanson explains the difference between business risk and audit risk.