Page 396 - ITGC_Audit Guides
Reporting Phase (continued)
Activity/Controls [CERT Practice; Function]
- Performance. [CERT Practice 2; Function: Recover]
    Team overall performance.
    Employee turnover.
    Budget management.
    Internal self-assessments.
    External assessments.
    Improvement recommendations that have not been acted upon.
    Employees placed on performance improvement plans.
    Employees or areas with excessive HR claims filed against them.
- Incident management and response. [CERT Practice 2; Function: Identify, Recover]
    Type and quantity of investigations within a specific period of time.
    Number of investigations closed satisfactorily.
    Number of investigations closed within 30 days.
    Quality of communications with internal stakeholders and law enforcement.
- Education and awareness. [CERT Practice 2; Function: Identify, Recover]
    Number of users, administrators, investigators, and senior management that have attended training within a specific time period.
    Percentage of people that pass a validation questionnaire at the end of the training session.
    Frequency of training offered.
    Percentage of reoccurrence.
    Number of IT incidents reported.
    Number of IT incidents detected using monitoring mechanisms.
Ensure lessons learned exercises are conducted after an event to determine areas of improvement. [CERT Practice 2]
Implement remediation or improvement plans. [CERT Practice 2; Function: Respond, Recover]
www.theiia.org Auditing Insider Threat Programs 28