Auditing IT Governance Structure and Implementation


Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hi there and welcome back to our next lesson,
00:00
auditing IT governance structure and implementation.
00:00
This will cover all the stuff that you as
00:00
an auditor need to know about
00:00
what we've covered in terms of
00:00
the IT governance structure and implementation.
00:00
This will be very much a key aspect
00:00
of you as an auditor out there in
00:00
an organization looking at
00:00
governance structures and implementations,
00:00
so let's get into it.
00:00
In this lesson, we'll cover some of
00:00
the key concerns that you as an auditor will
00:00
face in terms of auditing this particular aspect of IT,
00:00
we'll look for some key governance documents that
00:00
you need to be aware of and
00:00
probably you need to audit and a few things to look out
00:00
for as an auditor, so let's go.
00:00
There's a couple of things that are key concerns
00:00
as an auditor.
00:00
In terms of this can be applying to any aspect of
00:00
the IT organization that you're auditing.
00:00
But things such as excessive costs, any budget overruns,
00:00
late projects,
00:00
high staff turnover, any inexperienced staff,
00:00
frequent hardware or software errors,
00:00
large backlogs of user requests,
00:00
and slow computer response times are certain aspects or
00:00
certain signs that there are
00:00
some problems within the governance of IT.
00:00
In addition to that,
00:00
we've got things such as numerous
00:00
aborted or suspended development projects,
00:00
any unsupported or unauthorized purchases,
00:00
also known as shadow IT.
00:00
For example, often frequent upgrades,
00:00
any extensive exception reports
00:00
or exception reports particularly
00:00
that were not followed up,
00:00
a lack of succession planning and
00:00
a reliance on one or two key personnel,
00:00
and a lack of training.
00:00
In terms of when you are actually onsite auditing,
00:00
except with the key governance documents that
00:00
you'll need to look for and quite likely review,
00:00
so your IT strategies, plans, and budgets.
00:00
The security policies will
00:00
certainly be something that you'll need to look over.
00:00
Organizational chart, job descriptions,
00:00
any IT steering committee reports,
00:00
systems development and program change procedures,
00:00
any operations procedures,
00:00
HR manual, and quality procedures.
00:00
All these are key artifacts for you to look at and
00:00
ensure that the IT governance is working correctly.
00:00
Now, things to look for with
00:00
these problem areas and also these documents.
00:00
Basically, are they authorized?
00:00
That is probably first and foremost, the key thing.
00:00
It needs to have some imprimatur
00:00
from less senior management that
00:00
determines that this is a document that has been
00:00
reviewed and is authorized for within the organization,
00:00
and also, that they're up to date.
00:00
If you're seeing a security policy
00:00
that's got a date from 10 years ago,
00:00
then that could be a red flag
00:00
for you to look for as an auditor.
00:00
That's our lesson. We've looked at
00:00
some of the key concerns that you'll need
00:00
to look for within
00:00
auditing governance structures within organizations,
00:00
some of the key governance documents that you'll need
00:00
to review and be aware of,
00:00
and two of the key things to look for
00:00
when you're undertaking this particular role.
00:00
That's it for our lesson.
00:00
I hope you enjoyed it and I'll see you in the next one.