Join Michael Lester for an in-depth discussion in this video, Auditing governance and documentation, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] All right, let's talk about Auditing Governance and Documentation. So when it comes to auditing governance, first of all, we want to know how well governance is actually being performed, so this is more of a business process audit than anything technical. It's unlike some of the other audits we may have talked about in this course. It's really assessing the roles and responsibilities within the governance structure. So first thing you look at is, is there a framework in place? Is there a framework that this particular organization is following, like COBIT or ITIL or any of the ISO standards, ISO 27001 or 38500? If there is a standard in place, then take a look at the controls in that standard and see, are we close to those controls? How are we actually aligning? Are we aligning well or are we far off? So by having a framework in place, that makes it very easy for the auditor to go through and look down the list of controls whether we are or are not doing any of those governance practices.
When it comes to planning, we want to take a look…
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery