Information is the currency of the 21st century and the role of those who audit IT is more critical than ever. CNN Money recently said IT auditing is one of the fastest-growing careers. To help auditors handle their increasing demands and responsibilities, ISACA, a nonprofit association serving 100,000 IT professionals in 180 countries, publishes customizable IT audit/assurance programs for current issues, including social media and cybercrime. The newest from ISACA are:
* Cybercrime Audit/Assurance Program, which helps auditors provide management with an independent assessment of the effectiveness of cybercrime prevention and detection, and incident management.
* Biometrics Audit/Assurance Program, which helps auditors provide management with an independent assessment of biometric systems and their alignment with enterprise policies and industry good practices.
* E-commerce and Public Key Infrastructure (PKI) Audit/Assurance Program, which helps auditors provide management with an evaluation of IT’s preparedness for intrusion or major failure of e-commerce or PKI and identification of issues that may impact related security.
* VPN Security Audit/Assurance Program, which helps auditors provide management with an independent assessment of the virtual private network (VPN) implementation.
“ISACA’s audit programs can be used by auditors worldwide as a road map for specific assurance processes,” said Greg Grocholski, CISA, international president of ISACA and chief audit executive at The Dow Chemical Company. “They can be customized by IT auditors in any type of environment to help them conduct effective reviews that will help ensure trust and value in the enterprise’s information systems.”
The audit/assurance programs are based on the standards and guidance in ISACA’s IT Assurance Framework (ITAF) and align with the globally recognized COBIT business framework for governance and management of IT. They have been developed by experienced assurance professionals and are peer reviewed. The programs are downloadable in a Word document and can be easily customized to fit specific operating environments. They can also be used by security and business professionals, who will benefit from applying the control objectives and audit steps to make the respective scope areas more robust.