Project: IT Audit Checklists

Originally published by the IT Compliance Institute, the checklists offer practical guidance and experience-based insight to help IT, compliance, and business managers prepare for more successful and productive internal audits.

ITAC: Change Management

Practical guidance for managers on how to prepare for successful audits

Authors: George Spafford and Dan Swanson, CMA, CIA, CISA, CISSP, CAP

This paper supports an internal audit of operational change management in order to verify compliance and process effectiveness. Approaching audit from a risk management perspective, the content includes advice on assessing the existence and effectiveness of controls over change management in IT project planning, procurement, testing, and implementation. Includes over 185 control-based checklist items.

T2P Member resource. Please register (and/or log in) to download this paper.

ITAC: Information Security

Practical guidance for management on how to prepare for successful audits

Author: Dan Swanson, CMA, CIA, CISA, CISSP, CAP

This paper documents a risk-sensitive approach to auditing information security programs, processes, and effectiveness. The paper is intended to help IT, compliance, audit, and business managers to prepare for an audit of information security—and, ultimately, to ensure that the audit experience and results are as productive as possible. Includes over 225 control-based checklist items.

ITAC: IT Governance and Strategy

Practical guidance for managers on how to prepare for successful audits

Authors: Cass Brewer and Dan Swanson, CMA, CIA, CISA, CISSP, CAP

The paper includes guidance on assessing the completeness, effectiveness, and sustainability of IT governance and strategy. While other papers in The IT Audit Checklist series offer guidance on IT functional areas, this paper explores objectives and practices that allow executives and leaders to form appropriate governance plans, strategies, purchase decisions, and policies that not only meet compliance goals, but also empower risk management and support competitive business operations. Includes more than 120 control-based checklist items.

ITAC: Logging, Monitoring, and Reporting

Practical guidance for management on how to prepare for successful audits

Authors: Ted Ritter, CISSP, and Dan Swanson, CMA, CIA, CISA, CISSP, CAP

This paper focuses on IT as both a subject of monitoring and a tool of reporting. The heart of the paper is a list of controls related to logging, monitoring, and reporting functions that are necessary for effective compliance and risk management. Includes 100 control-based checklist items.

ITAC: Privacy and Data Protection

Practical guidance for management on how to prepare for successful audits

Authors: CISSP, CISA, CISM, and Dan Swanson, CMA, CIA, CISA, CISSP, CAP

The paper includes advice on assessing the robustness of privacy controls; guidance on how management and auditors can better support privacy policies and procedures; and information on ensuring continual improvement of privacy practices. Includes 270 control-based checklist items.

ITAC: Risk Management

Practical guidance for management on how to prepare for successful audits

Authors: Dan Swanson, CMA, CIA, CISA, CISSP, CAP

This paper presents key concepts, approaches, and processes for internal audit's support of enterprise risk management (ERM) programs. Concrete objectives for both auditors and ERM practice leaders cover audit phases from planning to reporting, as well as tips for more effective audit preparation and process-communications. Includes process- and control-based checklist items.
