Rolling Meadows, IL, USA: With the consumerization of technology, including the surge in “bring your own device” (BYOD), IT auditors are facing increasing challenges. To help auditors with their increasing demands and responsibilities, ISACA, a non-profit association serving 100,000 IT professionals in 180 countries, has developed more than 40 customizable IT audit/assurance programs, including three new releases:
BYOD Audit/Assurance Program—which helps auditors provide management with an assessment of bring-your-own-device (BYOD) policies and procedures, identify internal control and regulatory deficiencies, and identify information security control concerns that could affect the reliability, accuracy and security of the enterprise data.
Personally Identifiable Information (PII) Audit/Assurance Program—which helps auditors provide management with an assessment of PII policies and procedures; and focuses on private data and storage locations, including the deployment and effectiveness of an organization-wide data classification scheme, policies and procedures relating to action needed after a breach of PII confidentiality, and training employees in handling and processing PII and data privacy.
Outsourced IT Environments Audit/Assurance Program—which helps auditors provide management with an independent assessment of the IT outsourcing process, compliance with outsourcing contract, accuracy of billing, and successful remediation of issues identified during the execution of business processes. It also helps auditors evaluate internal controls affecting business processes related to outsourcing, and permits the audit/assurance professional to place audit reliance on the data and operational processes performed by the supplier on behalf of the customer.
Other ISACA audit programs include cybercrime, social media, crisis management, change management and cloud computing.
“ISACA’s audit programs can be used by auditors worldwide as a road map for specific assurance processes,” said Greg Grocholski, CISA, international president of ISACA and global business finance director for the Ventures and Business Development unit within The Dow Chemical Company. “They can be customized by IT auditors in any type of environment to help them conduct effective reviews that will help ensure trust and value in the enterprise’s information systems.”
The audit/assurance programs are based on the standards and guidance in ISACA’s IT Assurance Framework (ITAF) and align with the globally recognized COBIT business framework for governance and management of IT. They have been developed by experienced assurance professionals and are peer reviewed. The programs are downloadable in a Word document and can be easily customized to fit specific operating environments. They also can be used by security and business professionals, who will benefit from applying the control objectives and audit steps to make the respective scope areas more robust