Chapter Twelve
ISecGrade Checklists
THIS CHAPTER PROVIDES A series of checklists for use by information systems auditors. These checklists follow the ISecGrade methodology described in Chapter 11. Readers may consult this chapter and select appropriate checklists for their use during the audit.
CHECKLIST STRUCTURE
Checklists provided in this book use the pattern shown in Table 12.1.
TABLE 12.1 Checklist Structure

The top heading is the name of the checklist. The query column describes the control to be tested. “Used” is marked as selected if the control is applicable. “Y” and “N” each signify the response of the auditee. “Value,” unless grayed, contains the value for the control, which is otherwise 0 for “Y” and 1 for “N.” “Score” is the value obtained by the auditee. A soft copy of the checklist is available at the companion website.
INFORMATION SYSTEMS AUDIT CHECKLISTS
Exhibits 12.1 to 12.40 contain checklists to be used under the ISecGrade methodology. These checklists are also available for download. Please refer to About the Website at the end of the book for more information.
EXHIBIT 12.1 Audit Plan Checklist
| Auditee: | Date: |
| Address: | |
| Name of Auditor: | |
| Action | Observation |
|
A. Understanding the IT Environment and the Business
1. Overview the organization’s business objective.
2. Assess the organizational structures and the role of IT.
3. Identify the critical areas ... |