book

Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors

by Christopher Wright

April 2016

Beginner

161 pages

2h 31m

English

IT Governance Publishing

Read now

Unlock full access

OverviewWhat is risk?Management of riskRisk identification and awarenessDocumenting risksAssessing and monitoring riskCategorisationLikelihoodImpactRisk heat mapsControlling riskSummary
OverviewWhat is enterprise risk management?Strategic enterprise wide management processIdentify potential risksSignificant impactManage them within the entity’s risk appetiteCommon ERM frameworksCOSOThe five componentsISO31000Sarbanes-OxleySummary
OverviewThree lines of defenceFirst line of defence – Business unit staff and managementSecond line of defence – Governance, risk and complianceThird line of defence – Independent assurance from audit and the BoardSegregation of duties between each lineInternal vs external auditOther forms of IT assuranceCase studySummary
OverviewWhat is information risk?COBIT 5ISO frameworksCRAMMSummary and key take-aways

OverviewReviewing entity level controls in an IT contextWhat are general IT controls?Case studies and examples of general IT controlsOutsourced arrangementsEnd user computingBring your own devices (BYOD)Case studies and examples of outsourcingReviewing general IT controlsSummary
OverviewRisksControlsExamples of IT security controlsISO27001Case study examplesDocumenting, assessing and testing security and confidentiality controlsSummary
IntroductionProject lifecycle overviewProject lifecycle risksProject lifecycle controlsProject lifecycle case study examplesProject lifecycle documenting, assessing and testing controlsChange management overview and risksChange management controlsChange management case study examplesDocumenting, assessing and testing controlsSummary
IntroductionService management overviewDisaster planningCase study examplesSummary
IntroductionRisksControlsCase study examplesDocumenting, assessing and testing application controlsSummaryFurther reading
OverviewStages of a reviewIRM assignment planningConducting an IRM reviewReviewing the audit reviewEnsuring action after the reviewSummary
OverviewWho are IRM auditors?Skills auditQualifications availableProfessional and ethical standardsSources of employmentA personal case studySummary

Overview

An introductory guide to information risk management auditing, giving an interesting and useful insight into the risks and controls/mitigations that you may encounter when performing or managing an audit of information risk. Case studies and chapter summaries impart expert guidance to provide the best grounding in information risk available for risk managers and non-specialists alike.