Page 585 - ITGC_Audit Guides
P. 585
Global Technology Audit Guide (GTAG)
Written in straightforward business language to address a timely issue related to IT management, control, and security, the GTAG
series serves as a ready resource for chief audit executives on different technology-associated risks and recommended practices.
Information Technology Controls: Topics Information Technology Outsourcing:
discussed include IT control concepts, the )NFORMATION Discusses how to choose the right IT
importance of IT controls, the /UTSOURCING outsourcing vendor and key outsourcing
4ECHNOLOGY
organizational roles and responsibilities for control considerations from the client’s and
ensuring effective IT controls, and risk service provider’s operation.
analysis and monitoring techniques.
Change and Patch Management Controls: Auditing Application Controls: Addresses
Describes sources of change and their likely the concept of application control and its
Change and Patch Auditing
Management Controls: impact on business objectives, as well as Application relationship with general controls, as well as
Critical for Controls
Organizational
how change and patch management
Success how to scope a risk-based application
controls help manage IT risks and costs and control review.
what works and doesn’t work in practice.
Continuous Auditing: Addresses the role Identity and Access Management: Covers
of continuous auditing in today’s internal key concepts surrounding identity and
Continuous Auditing: Identity and Access
Implications for Assurance, audit environment; the relationship of Management access management (IAM), risks associated
Monitoring, and
Risk Assessment
continuous auditing, continuous with IAM process, detailed guidance on
monitoring, and continuous assurance; and how to audit IAM processes, and a sample
the application and implementation of checklist for auditors.
continuous auditing.
Management of IT Auditing: Discusses Business Continuity Management: Defines
IT-related risks and defines the IT audit business continuity management (BCM),
universe, as well as how to execute and Management discusses business risk, and includes a
Management of IT Auditing Business Continuity
manage the IT audit process. detailed discussion of BCM program
requirements.
Managing and Auditing Privacy Risks: Developing the IT Audit Plan: Provides
Discusses global privacy principles and step-by-step guidance on how to develop an
Managing Developing the
and Auditing frameworks, privacy risk models and IT Audit Plan IT audit plan, from understanding the
Privacy Risks
controls, the role of internal auditors, top 10 business, defining the IT audit universe, and
privacy questions to ask during the course of performing a risk assessment, to formalizing
the audit, and more. the IT audit plan.
Managing and Auditing IT Vulnerabilities:
Among other topics, discusses the Auditing IT Projects: Provides an overview
Managing and Auditing vulnerability management life cycle, the of techniques for effectively engaging with
IT Vulnerabilities
scope of a vulnerability management audit, project teams and management to assess the
and metrics to measure vulnerability risks related to IT projects.
management practices.
Visit The IIA’s Web site at www.theiia.org/technology to download the entire series.
