30 August 2010 -Ensuring that internal controls are effective is a critical business issue worldwide. To provide audit and assurance professionals with the most up-to-date guidance, ISACA, a nonprofit association serving 95,000 IT professionals in 160 countries, has developed four new audit programs:
- Cloud Computing, which covers governance over cloud computing, the relationship between the service provider and customer, and specific control issues
- Crisis Management, which focuses on pre-crisis planning; the scope of the plan, including the relevance of the crisis scenarios selected, the probability that they will occur, and appropriate responses; as well as testing, maintaining and aligning the plan with business risks.
- Information Security Management, which features governance, policy, monitoring, incident management, implementing security configurations and selecting security technologies
- Windows Active Directory, which covers Active Directory management, Secure Active Directory boundaries, secure domain controllers, physical security of the domain controllers, configuration settings, and secure administrative practices
"These audit programs are valuable tools because they provide a template to help auditors worldwide complete specific assurance processes," said Norm Kelson, CISA, CGEIT, CPA, lead author of the programs. "They have been developed by a team of experienced assurance professionals from around the world, representing the latest global expertise, and are peer reviewed. In addition, they are downloadable in a Word document and can be easily customized to fit a specific operating environment."
The programs can also be used by security and business professionals, who will benefit from applying the control objectives and audit steps to make the respective scope areas more robust.
The audit programs are free for ISACA members and US $45 for nonmembers at www.isaca.org/auditprograms. Additional guidance and the Information Technology Assurance Framework (ITAF) are available at www.isaca.org/assurance.