Auditing information systems
June 8th, 2007
Last week I did my first audit of information system. It took me 5 days and I sucedeed to audit many different areas including management of IS, managing documentation, asset inventory, risk assessment, managing internal audit, development and maintaining IS, many aspects of IS security and business continuity process. It was an audit of one bank organization.
By the fact it was my first audit, I’m quite satisfied how it has been done. I took about 3 weeks of preparing, reading books (brief read as a matter of fact) and articles over the Web. For your sake, I’ll shorten your time for doing the same if you are in similar position of doing your first audit. Books didn’t help me a lot, but there are some very good articles and materials written by individuals as myself. Please, be sure to look at http://www.isect.com/html/ca_faq.html, excellent article (FAQ) about auditing information systems.
There is also one more good material, chapter 1 of CISA Review Manual: The IS Audit Process (more information on http://www.isaca.org). Anyway, there are very few templates on checklists or audit programmes so I was left on my own. I’ll change that as soon as possible, when cutting out all of confidential information from my audit programme. Wait till next week!
Entry Filed under: News