Chapter Twelve

ISecGrade Checklists

THIS CHAPTER PROVIDES A series of checklists for use by information systems auditors. These checklists follow the ISecGrade methodology described in Chapter 11. Readers may consult this chapter and select appropriate checklists for their use during the audit.


Checklists provided in this book use the pattern shown in Table 12.1.

TABLE 12.1 Checklist Structure


The top heading is the name of the checklist. The query column describes the control to be tested. “Used” is marked as selected if the control is applicable. “Y” and “N” each signify the response of the auditee. “Value,” unless grayed, contains the value for the control, which is otherwise 0 for “Y” and 1 for “N.” “Score” is the value obtained by the auditee. A soft copy of the checklist is available at the companion website.


Exhibits 12.1 to 12.40 contain checklists to be used under the ISecGrade methodology. These checklists are also available for download. Please refer to About the Website at the end of the book for more information.

EXHIBIT 12.1 Audit Plan Checklist

Auditee: Date:
Name of Auditor:
Action Observation
A. Understanding the IT Environment and the Business
1. Overview the organization’s business objective.
2. Assess the organizational structures and the role of IT.
3. Identify the critical areas ...

Get Understanding and Conducting Information Systems Auditing + Website now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.