FULL CONTENTS OF
Addendum to ‘IT Strategic & Operational Controls’ Book (Customisable IT Audit Programmes and Checklists)
John Kyriazoglou
PUBLISHER: www.itgovernance.co.uk
ADDENDUM TO THE BOOK (Customisable IT Audit Programmes and Checklists) (WORD FORMAT): www.itgovernance.co.uk/products/3143
ISBN 978-1-84928-075-4
© John Kyriazoglou 2010
The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.
First published in the United Kingdom in 2010 by IT Governance Publishing.
Chapter 1: CORPORATE MANAGEMENT AUDIT PROGRAMMES AND CHECKLISTS
The following audit programmes and checklists are designed to support the control, review and audit activities of the corporate management area and its particular components: Corporate governance and internal controls systems, Assessment of the compliance controls framework, Corporate policies and procedures, Records management system, Financial management system, Corporate fraud management system, IT internal audit, and IT ethics management. These also complement the controls described in all chapters of IT Strategic & Operational Controls. More detailed information on corporate controls is provided in Corporate Controls by John Kyriazoglou, Dr Frank Nasuti and Dr C. Kyriazoglou, published by The Institute for Internal Controls (http://www.theiic.org).
Chapter 2: IT ORGANISATION AUDIT PROGRAMMES AND CHECKLISTS
The following audit programmes and checklists are designed to support the review and audit activities of the IT organisation area and its particular components: IT department structure, IT control framework, IT policies and procedures, Technology coverage, IT finance assessment, IT outsourcing, IT management reporting. These also complement the controls described in Chapter 1 (IT organisation controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 3: IT ADMINISTRATION AUDIT PROGRAMMES AND CHECKLISTS
The following audit programmes and checklists are designed to support the review and audit activities of the IT administration area and its particular components: IT inventory control, IT procurement management, Vendor and external parties’ management, Computer insurance, Customer service agreements, IT unit performance, and Problem management. These also complement the controls described in Chapter 2 (IT administration controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 4: ENTERPRISE ARCHITECTURE AUDIT PROGRAMMES AND CHECKLISTS
The following audit programmes and checklists are designed to support the review and audit activities of the Enterprise Architecture area and its particular components: Enterprise Architecture plan assessment, Enterprise Architecture migration plan, Core corporate issues assessment. These also complement the controls described in Chapter 3 (Enterprise Architecture controls) of IT Strategic & Operational Controls and the review and audit tools and techniques contained in that chapter.
Chapter 5: IT PERSONNEL MANAGEMENT AUDIT PROGRAMMES AND CHECKLISTS
The following audit programmes and checklists are designed to support the review and audit activities of the IT personnel management area and its particular components: IT personnel administration audit programme, Segregation of duties assessment audit programme, IT personnel performance assessment, IT personnel responsibilities and skills assessment, Human resource cultural controls assessment. These also complement the controls described in Chapter 2 (IT administration controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 6: IT STRATEGY AUDIT PROGRAMMES AND CHECKLISTS
The following audit checklist and programmes are designed to provide additional support during the review and audit process of the IT strategy area and its particular components: IT business plan alignment, IT strategic management process, IT strategic plan. These also complement the controls described in Chapter 4 (IT strategic controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 7: IT SECURITY AUDIT PROGRAMMES AND CHECKLISTS
The following audit checklist and programmes are designed to provide additional support during the review and audit process of the IT security area and its particular components: IT security intrusion response assessment, Information security procedures assessment, IT security programme assessment, IT security administration, Data sensitivity protection assessment. These also complement the controls described in Chapter 6 (IT security controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 8: SYSTEMS DEVELOPMENT AUDIT PROGRAMMES AND CHECKLISTS
The following audit checklists and programmes are designed to support the review and audit activities of the systems development area and its particular components: IT project investment assessment, Systems development change controls assessment, IT project management assessment, Application software requirements assessment, Post-implementation review. These also complement the controls described in Chapter 5 (System development controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 9: SYSTEMS SOFTWARE AUDIT PROGRAMMES AND CHECKLISTS
The following audit checklists and programmes are designed to support the review and audit activities of the systems software area and its particular components: Systems software maintenance assessment, Systems software security assessment, Database controls assessment, Systems software back-up assessment. These also complement the controls described in Chapter 8 (Systems software controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 10: DATA CENTRE OPERATION AUDIT PROGRAMMES AND CHECKLISTS
The following audit checklists and programmes are designed to support the review and audit activities of the data centre operation area and its particular components: Physical access controls assessment, Hardware management controls assessment, Back-up and recovery procedures assessment, Health, safety and environmental controls assessment, IT disaster recovery plan assessment. These also complement the controls described in Chapter 7 (Data centre operational and support controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 11: IT APPLICATIONS OPERATION AUDIT PROGRAMMES AND CHECKLISTS
The following audit checklists and programmes are designed to support the review and audit activities of the IT applications operation area and its particular components: Application systems protection controls assessment, Application data controls assessment, Application technical controls assessment, Application database controls assessment, Application system testing assessment, Corporate website evaluation. These also complement the controls described in Chapter 9 (IT application controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in that chapter.
Chapter 12: END-USER COMPUTING AUDIT PROGRAMMES AND CHECKLISTS
The following audit programme and checklists are designed to support the control, review and audit activities of the end-user computing area and its particular components: End-user area risk assessment, End-user computing policy, End-user security, End-user application development and operation. These also complement the controls described in Chapter 5 (System development controls) and Chapter 9 (IT application controls) of IT Strategic & Operational Controls, and the review and audit tools and techniques contained in those chapters.