Join Michael Lester for an in-depth discussion in this video, Collect information: Part 1, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- All right, now, let's get into the second phase of our risk management process, the collection phase. So, in a collection phase, we're dealing with pulling information from all the different sources. We might be doing surveys. We might walk around with a clipboard, and actually do some interviewing of people. We will be doing that. You might look at some vulnerability test results. You might look at some penetration test results. And pull that out, and analyze it, and try and collect the information to make some sense of it all. So, here we are in the second phase of our risk management process. We did the planning.
We scoped it. We figured out what assets were involved. We set the team up, et cetera, et cetera. And now, we're going to do the actual grunt work, in this second box here of collecting the information. All right, so, the first step in our collection phase is to identify which assets we are dealing with. Now, we've already, in our scope, back in the planning phase, figured out which are going to…
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery