Page 449 - ITGC_Audit Guides

                    The deliverable is not limited to the final report. Communication between the
                    audit/assurance teams and the process owner is essential to assignment success.

                    1.6.1   Determine the interim deliverables, including initial findings, status reports,
                            draft reports, due dates for responses or meetings, and the final report.

                    1.7     Communicate the process. (Standard 2201)
                            The audit/assurance process must be clearly communicated to the
                            customer/client.

                    1.7.1   Conduct an opening conference to:
                            - Discuss the scope and objectives with the stakeholders.
                            - Obtain documents and information security resources required to
                              perform the review effectively.
                            - Communicate timelines and deliverables.




                    Objective 2: Identify and Obtain Supporting Documents (Standard 2310)

                    Review Activities                                                  Comments
                    2.1     Review policies and standards governing big data.

                    2.2     Review the IT infrastructure documentation and identify systems that support
                            big data.

                    2.3     Review system design documents.

                    2.4     Review the interfaces diagram and identify systems that share data with the
                            big data systems.

                    2.5     Review the list of internal and/or external users.

                    2.6     Review contracts with service providers.

                    2.7     Review SLAs.

                    2.8     Review performance metrics and remediation plans.

                    2.9     Review the disaster recovery plan and test results.

                    2.10    Review the business continuity plan and test results.


                   Program Governance Risks

                   To successfully deploy a big data program, organizations must deploy and appropriately govern
                   the necessary people, processes, and technology. Without adequate program governance, a big
                   data implementation may expose the organization to undue risk, ranging from failed
                   implementation and limited adoption to security and privacy issues. Organizations also face
                   difficulties in designing metrics to measure the cost and value of big data programs. Executive
                   leadership may choose to discontinue funding a big data program if the program value cannot be
                   adequately demonstrated and communicated.




                   30 — theiia.org