THIS CHAPTER PROVIDES A series of checklists for use by information systems auditors. These checklists follow the ISecGrade methodology described in Chapter 11. Readers may consult this chapter and select appropriate checklists for their use during the audit.
Checklists provided in this book use the pattern shown in Table 12.1.
The top heading is the name of the checklist. The query column describes the control to be tested. “Used” is marked as selected if the control is applicable. “Y” and “N” each signify the response of the auditee. “Value,” unless grayed, contains the value for the control, which is otherwise 0 for “Y” and 1 for “N.” “Score” is the value obtained by the auditee. A soft copy of the checklist is available at the companion website.
Exhibits 12.1 to 12.40 contain checklists to be used under the ISecGrade methodology. These checklists are also available for download. Please refer to About the Website at the end of the book for more information.
|Name of Auditor:|
A. Understanding the IT Environment and the Business
1. Overview the organization’s business objective.
2. Assess the organizational structures and the role of IT.
3. Identify the critical areas ...