With the consumerization of technology, including the surge in “bring your own device” (BYOD), IT auditors are facing increasing challenges. To help auditors with their increasing demands and responsibilities, ISACA, a nonprofit association serving 100,000 IT people in 180 countries, has developed more than 40 customisable IT audit/assurance programmes
BYOD Audit/Assurance Program—which helps auditors provide management with an assessment of bring-your-own-device (BYOD) policies and procedures, identify internal control and regulatory deficiencies, and identify information security control concerns that could affect the reliability, accuracy and security of the enterprise data.
Personally Identifiable Information (PII) Audit/Assurance Program—which helps auditors provide management with an assessment of PII policies and procedures; and focuses on private data and storage locations, including the deployment and effectiveness of an organisation-wide data classification scheme, policies and procedures relating to action needed after a breach of PII confidentiality, and training employees in handling and processing PII and data privacy.
Outsourced IT Environments Audit/Assurance Program—which helps auditors provide management with an independent assessment of the IT outsourcing process, compliance with outsourcing contract, accuracy of billing, and successful remediation of issues identified during the execution of business processes. It also helps auditors evaluate internal controls affecting business processes related to outsourcing, and permits the audit/assurance professional to place audit reliance on the data and operational processes performed by the supplier on behalf of the customer.
Other ISACA audit programs include cybercrime, social media, crisis management, change management and cloud computing.
“ISACA’s audit programs can be used by auditors worldwide as a road map for specific assurance processes,” said Greg Grocholski, CISA, international president of ISACA and global business finance director for the Ventures and Business Development unit within The Dow Chemical Company. “They can be customized by IT auditors in any type of environment to help them conduct effective reviews that will help ensure trust and value in the enterprise’s information systems.”
The audit/assurance programs are based on the standards and guidance in ISACA’s IT Assurance Framework (ITAF)
The audit/assurance programmes are free for ISACA members and US $45 for nonmembers at www.isaca.org