CHAPTER 6
Conducting an IT Infrastructure Audit for Compliance
AFTER THE AUDIT TEAM COMPLETES an auditing plan and that plan is approved, the audit team can begin auditing the IT infrastructure for compliance. Testing for compliance is centered on the presence of adequate controls or countermeasures in the planned scope of the IT infrastructure. This includes verifying that policies are put in place and appropriately followed.
The actual execution of an audit can vary widely based on the scope and objectives of the plan. Several methods, frameworks, and automated tools are available to assist in the process. The choices made will depend on the areas being assessed and the depth and breadth at which controls need to be examined.
Chapter 6 Topics ...