Join Michael Lester for an in-depth discussion in this video, Planning, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] So, we're going to be focusing on in this section, the first phase in our risk management process. The planning phase. How we go through, before we actually start collecting all the information, and set this process up. So, the first thing we're going to do is identify the team. Now, who's going to be on the team? Just about everybody in the organization's going to have some voice at the table. The IT department, of course, because this is information systems risk management process we're going through. You're going to have your auditors. Auditors tend to have a very unique perspective on the organization, so you want them involved.
The business unit leaders from all the different business units. They'll have a voice at the table. If there's a regulation involved, there's some law that's involved, you're going to have to have legal in the room. If there's employees involved, you're going to have to have HR in the room. And of course, management is going to be involved, because they're going to make all the big decisions.
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery