ISACA: Nuova IS Auditing Guideline – Organizzazione IT (in bozza)
Inserito da Agatino Grillo il Gio, 2007-10-30 15:55
IS Audit & Control
071030-isaca-draft-guideline
ISACA USA ha pubblicato, in bozza, la linea guida "IT Organisation" (pdf,
12 pp, 121 K). Il documento è una guida per applicare in
pratica l’IS Auditing Standard S10 "IT Governance" (qui
in italiano, pdf, 60 K, 2 pp).
1.1 Linkage to Standards
1.2 Linkage to COBIT
1.3 COBIT Reference
1.4 Purpose of the Guideline
1.5 Guideline Application
2. The IT organisation
2.1 Types of Organisations
2.2 IT Alignment
2.3 IT Strategic Plan
2.4 IT Steering Committee
2.5 Organisational Placement of the IT Function and Supporting Functions
2.6 IT Organisational Structure
2.7 Roles and Responsibilities
2.8 Responsibility for IT Quality Assurance
2.9 Process Outsourcing
2.10 IT Infrastructure and Computer Operations
2.11 Operations Procedures and Tasks
2.12 Application Development
2.13 Contract Adherence of the IT Function Utilising an Outsourcing Arrangement
2.14 Procedures Regarding Third Parties
2.15 Responsibility for Risk, Security and Compliance
2.16 Personnel Recruitment and Retention
3. Audit process
3.1 Planning
3.2 IS Audit Objectives
3.3 Scope of the Audit
3.4 Staffing
4. Performance of audit work
4.1 Review of the IT Organisation and the Strategic Planning Process
5. Reporting
5.1 Report Generation and Follow-up
6. Effective date
Altre informazioni su Agatino Grillo.
Indice del documento
1. Background1.1 Linkage to Standards
1.2 Linkage to COBIT
1.3 COBIT Reference
1.4 Purpose of the Guideline
1.5 Guideline Application
2. The IT organisation
2.1 Types of Organisations
2.2 IT Alignment
2.3 IT Strategic Plan
2.4 IT Steering Committee
2.5 Organisational Placement of the IT Function and Supporting Functions
2.6 IT Organisational Structure
2.7 Roles and Responsibilities
2.8 Responsibility for IT Quality Assurance
2.9 Process Outsourcing
2.10 IT Infrastructure and Computer Operations
2.11 Operations Procedures and Tasks
2.12 Application Development
2.13 Contract Adherence of the IT Function Utilising an Outsourcing Arrangement
2.14 Procedures Regarding Third Parties
2.15 Responsibility for Risk, Security and Compliance
2.16 Personnel Recruitment and Retention
3. Audit process
3.1 Planning
3.2 IS Audit Objectives
3.3 Scope of the Audit
3.4 Staffing
4. Performance of audit work
4.1 Review of the IT Organisation and the Strategic Planning Process
5. Reporting
5.1 Report Generation and Follow-up
6. Effective date
Lo standard framework
È utile ricordare che il framework di Audit proposto da ISACA si articola in tre livelli:
- gli standard veri e propri che sono i requisiti obbligatori (mandatory) per l’IS auditing e reporting;
- le guideline che forniscono modelli ed esempi per applicare gli standard;
- le procedure che forniscono un ulteriore livello di
approfondimento
delle linee guida che non sono obbligatorie in senso stretto ma che
vanno applicate, viceversa, secondo la sensibilità
dell’auditor.
Chi è Agatino Grillo?
Agatino Grillo, CISA, CISM, CISSP, fa parte del comitato direttivo di IsacaRoma. Precedentemente è stato nel comitato direttivo di AIEA. Ha scritto diversi articoli per IsacaRoma Newsletter. Questo articolo è stato pubblicato originariamente in www.agatinogrillo.itAltre informazioni su Agatino Grillo.
IsacaRoma Newsletter Link
- ISACA: Standard, direttive e procedure – prima parte (24 settembre 2006)
- ISACA: Standard, direttive e procedure – l’analisi dei rischi (24 settembre 2006)
- ISACA: in arrivo la IT Auditing Standards (ITAS) Guidance (19 febbraio 2007)
» email this story | printer friendly version | 9762 reads
