book

Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors

by Christopher Wright

April 2016

Beginner

161 pages

2h 31m

English

IT Governance Publishing

Read now

Unlock full access

OverviewWhat is risk?Management of riskRisk identification and awarenessDocumenting risksAssessing and monitoring riskCategorisationLikelihoodImpactRisk heat mapsControlling riskSummary
OverviewWhat is enterprise risk management?Strategic enterprise wide management processIdentify potential risksSignificant impactManage them within the entity’s risk appetiteCommon ERM frameworksCOSOThe five componentsISO31000Sarbanes-OxleySummary
OverviewThree lines of defenceFirst line of defence – Business unit staff and managementSecond line of defence – Governance, risk and complianceThird line of defence – Independent assurance from audit and the BoardSegregation of duties between each lineInternal vs external auditOther forms of IT assuranceCase studySummary
OverviewWhat is information risk?COBIT 5ISO frameworksCRAMMSummary and key take-aways

OverviewReviewing entity level controls in an IT contextWhat are general IT controls?Case studies and examples of general IT controlsOutsourced arrangementsEnd user computingBring your own devices (BYOD)Case studies and examples of outsourcingReviewing general IT controlsSummary
OverviewRisksControlsExamples of IT security controlsISO27001Case study examplesDocumenting, assessing and testing security and confidentiality controlsSummary
IntroductionProject lifecycle overviewProject lifecycle risksProject lifecycle controlsProject lifecycle case study examplesProject lifecycle documenting, assessing and testing controlsChange management overview and risksChange management controlsChange management case study examplesDocumenting, assessing and testing controlsSummary
IntroductionService management overviewDisaster planningCase study examplesSummary
IntroductionRisksControlsCase study examplesDocumenting, assessing and testing application controlsSummaryFurther reading
OverviewStages of a reviewIRM assignment planningConducting an IRM reviewReviewing the audit reviewEnsuring action after the reviewSummary
OverviewWho are IRM auditors?Skills auditQualifications availableProfessional and ethical standardsSources of employmentA personal case studySummary

Content preview from Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors

Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781849288170

Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors

by Christopher Wright

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Enterprise Risk Management, 2nd Edition

Auditing the Risk Management Process

Managing Risk in Information Systems, 2nd Edition

Managing Risk in Information Systems, 3rd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Enterprise Risk Management, 2nd Edition

Auditing the Risk Management Process

Managing Risk in Information Systems, 2nd Edition

Managing Risk in Information Systems, 3rd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.