Page 34 - Quick Insights Book 2022
Chap. 6 – Information Technology
AUDIT OF THE INFORMATION SECURITY

Basics
Information security program assessment evaluates the organization's information security program, including strategy, awareness and training, vulnerability assessments, predictive threat models, monitoring, detection and response, technologies and reporting.

Deliverable
Audit of comprehensiveness of Information Security Program.

BUSINESS CONTINUITY MANAGEMENT (BCM)

Basics
BCM has gained worldwide recognition after the attack on the World Trade Centre in the USA. The importance and relevance of BCM for ensuring the going-concern status of any entity is beyond discussion.

Deliverable
Business continuity program integration and governance audit evaluates the organization's overall business continuity plan, including program governance, policies, risk assessments, business impact analysis, vendor/third-party assessment, strategy/plan, testing, maintenance, change management and training/awareness.

MOBILE COMPUTING

Basics
Mobile usage for business and personal use has been rising geometrically. The size, convenience, mobility, geographical spread, latest technological innovations, and relatively low cost have made mobile computing the most used and growing technology.

The audit aims to identify risks in the settings and configuration of mobile devices and vulnerabilities in the current implementation. This audit would include an evaluation of trusted clients, supporting network architecture, policy implementation, management of lost or stolen devices, and vulnerability identification through network accessibility and policy configuration.

Deliverable
A management audit validating the BYOD policy's existence, its effectiveness and the process of updating the policy based on assessment of new risks.
An operational audit validating implementation of the BYOD policy.

GRC FRAMEWORK IMPLEMENTATION

Evaluates the organization's current use of GRC software or GRC software selection process. Provides value-added insight on critical business requirements.

This is also a technology-driven opportunity for Chartered Accountants to engage in. GRC gets its legal push through the Companies Act, 2013. See the detailed discussion in the Companies Act, 2013 section of this guide.

IT Governance Audit

Basics
The audit evaluates the processes IT has in place to govern capital allocation decisions, project approvals and other critical decisions.

Deliverable
Management audit of whether formalized processes for governing IT exist, including the existence of formal charters, mandates and responsibilities documents, and compliance with them in key steering committees.

IT Risk Assessment

Basics
Participates in IT's own risk assessment (as opposed to the independent IT internal audit risk assessment) as an advisory audit. Evaluates the risks identified and provides insight given the auditor's unique perspective on the IT organization.

Deliverables
Management audit of IT risk assessment process.

IT INVESTMENTS PROGRAM RISK

Project Management Methodology Audit

Basics
Assesses the design of processes and controls in place to manage projects against leading practices.

Deliverables
Management audit of the project management methodology adopted.
Operational audit to assess whether the intended benefits from the project implemented have been achieved.
Quick Insights on Professional Opportunities for Chartered Accountants 21