CHAPTER 10: PLANNING, RUNNING AND REVIEWING INFORMATION RISK MANAGEMENT ASSIGNMENTS
Overview
There are a variety of assignments that an information risk manager/auditor may be asked to undertake using their specialist knowledge and skills. This could be:
• A regular review or audit of a particular topic to provide ongoing compliance comfort (e.g. part of internal audit plan or regular management testing for Sarbanes-Oxley compliance).
• As part of a bigger team on a large assignment (e.g. the external financial audit of an entity, due diligence review of a potential acquisition target).
• A specific review of a particular issue – (e.g. response to a denial of service attack, health check review of an ERP implementation project).
Stages ...
Get Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.