Page 204 - Courses
P. 204

IT Essentials — Computer Operations

             Policies and procedures related to all computer operations activities, including but not limited to:
                Asset management.
                IT service management.
                    Configuration management.
                    Knowledge management.
                    Change management.
                    Incident management.
                    Problem management.
                Job scheduling services.
                Help desk services.
                Network security monitoring services.
                Software license management.
                IT project management.
                Continuity management.
                Capacity management.
                Service level agreement (SLA) management .

            Deploying Unified Service Management Platforms

            The internal auditor should start the engagement by reviewing the asset inventory process. An
            ineffective asset management program indicates shortcomings throughout computer operations.

            While planning the internal audit engagement, the internal auditor may wish to incorporate some or
            all of the audit objectives and risks described in The IIA’s GTAG “Information Technology
            Outsourcing, 2nd Edition” into their audit scope.

             Review the conversation between a lead internal auditor — Nadia — and a new staff internal auditor
            — Emilio, in which they review the audit risks and objectives in the GTAG.

            Configuration Management

            Hi Emilio! I’m excited to prep with you today for our upcoming computer operations internal audit.

            Thanks for your time, Nadia. This is my first computer operations audit engagement, so I really
            appreciate you guiding me through it and lending me your expertise.

            Of course! Let’s begin by reviewing the audit objectives and identifying common risks associated
            with configuration management.

            Okay! So the audit objective stated in the audit program is “Evaluate existence, completeness, and
            accuracy of configuration database.”

            Exactly! We can express an associated risk as “Database does not support operational processes.”

            Yes, that sounds good to me. But how do I know what to actually test during the fieldwork portion of
            the engagment?

            Great question! We can reference Appendix B of The IIA’s GTAG “Information Technology
            Outsourcing, 2nd Edition” to see what is recommended:





            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   199   200   201   202   203   204   205   206   207   208   209