IT / IS AUDIT PROCESS MODELS (MINDMAPS)

For personal use only – not for distribution

Upload: jayden-folley

Post on 01-Apr-2015


Page 1: Overview of the audit process

Begin Audit
  Familiarise
  Gather Information
  Create Working Papers
  Create Process Maps
  Annotate Risk
  Annotate Controls
  Evaluate Controls
    Risk Appetite
    Control Efficiency and Costs
    Process Hotspots
    Process Efficiency
  Testing
  Reporting
End Audit

Page 2: Entry meetings

Choose Audit
Set Scope and Objectives
Notify Management and auditees as necessary
Entry Meetings
Fieldwork
Reporting
Follow up

Page 3: Familiarisation – get to know process flow

For each process node (a, b, c): Identify, Determine, Document
  What / Who / When / How / Where / Why
  Possibility of significant Operational / Compliance / Reporting / Strategic risks?

Page 4: Fieldwork

(Process chain as on page 2: Choose Audit, Set Scope and Objectives, Notify Management and auditees as necessary, Entry Meetings, Fieldwork, Reporting, Follow up; this page is at the Fieldwork step.)

Fieldwork evidence sources:
1. Interviews
2. Existing documentation
3. Questionnaires
4. Observations
5. Tests

Page 5: Determine expected controls

Process nodes a, b, c, with Control Feedback between them. Expected controls at each node:

I/P (input) is: Complete, Accurate, Authorised, Authentic, Traceable
Stored Data is: Secure, Private, Recoverable
Flow maintains: Integrity, Confidentiality, Authenticity, Availability
End to end reconcilability
Segregation of roles
O/P (output) is: Complete, Accurate, Authorised, Authentic, Traceable

Page 6: Locate actual controls

Same control map as page 5 (process nodes a, b, c with Control Feedback; input, stored data, flow, end to end reconcilability, segregation of roles, output), used as the checklist for finding the controls actually in place.

Page 7: Gap analysis shows missing controls

Same control map as pages 5 and 6, with each expected control marked as one of:
  Present as expected.
  Expected but absent.
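The three steps on pages 5 to 7 (determine the expected controls, locate the actual controls, mark each expected control "present as expected" or "expected but absent") can be re-performed mechanically once the fieldwork results are written down. The following Python is an added example and is not part of the mindmaps: the control names follow the mindmap (I/P = input, O/P = output), the process node and the controls "located" at it are constructed, and the third status "located but not expected" is this example's own addition so that a control nobody asked for is surfaced as a possible compensating control instead of being dropped.

```python
"""Control gap analysis: the mindmap's expected controls per location
versus the controls actually located at each process node.
Added example; the located-control evidence below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Expected controls, grouped by where in a process node they apply.
# Names follow the mindmap (I/P = input, O/P = output).
EXPECTED_BY_LOCATION: Dict[str, Set[str]] = {
    "input":   {"complete", "accurate", "authorised", "authentic", "traceable"},
    "stored":  {"secure", "private", "recoverable"},
    "flow":    {"integrity", "confidentiality", "authenticity", "availability"},
    "output":  {"complete", "accurate", "authorised", "authentic", "traceable"},
    "process": {"end_to_end_reconcilability", "segregation_of_roles",
                "control_feedback"},
}

PRESENT = "present as expected"
ABSENT = "expected but absent"
EXTRA = "located but not expected"   # this example's addition, not on the page


@dataclass(frozen=True)
class Finding:
    node: str
    location: str
    control: str
    status: str


def gap_analysis(located: Dict[str, Dict[str, Set[str]]]) -> List[Finding]:
    """located maps process node -> location -> controls found in fieldwork.
    Every expected control yields a finding; anything found that the model
    did not expect is reported separately so it can be assessed as a
    possible compensating control rather than silently ignored."""
    findings: List[Finding] = []
    for node, by_location in located.items():
        for location, expected in EXPECTED_BY_LOCATION.items():
            actual = by_location.get(location, set())
            for control in sorted(expected):
                findings.append(Finding(node, location, control,
                                        PRESENT if control in actual else ABSENT))
            for control in sorted(actual - expected):
                findings.append(Finding(node, location, control, EXTRA))
    return findings


def missing_controls(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    return [(f.node, f.location, f.control) for f in findings if f.status == ABSENT]


def unexpected_controls(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    return [(f.node, f.location, f.control) for f in findings if f.status == EXTRA]


def coverage(findings: List[Finding]) -> Dict[str, float]:
    """Share of expected controls present, per node (extras do not count)."""
    totals: Dict[str, List[int]] = {}
    for f in findings:
        if f.status == EXTRA:
            continue
        present, expected = totals.setdefault(f.node, [0, 0])
        totals[f.node] = [present + (f.status == PRESENT), expected + 1]
    return {node: present / expected for node, (present, expected) in totals.items()}


# Constructed fieldwork result for one process node (an order-entry step).
SAMPLE_LOCATED = {
    "a_order_entry": {
        "input":   {"complete", "accurate", "authorised", "traceable"},   # submitter not authenticated
        "stored":  {"secure", "recoverable"},                             # no privacy control on stored orders
        "flow":    {"integrity", "confidentiality", "authenticity", "availability"},
        "output":  {"complete", "accurate", "authorised", "authentic", "traceable"},
        "process": {"segregation_of_roles", "control_feedback",
                    "four_eyes_release"},                                 # no end-to-end reconciliation
    },
}

if __name__ == "__main__":
    result = gap_analysis(SAMPLE_LOCATED)
    for item in missing_controls(result):
        print("expected but absent:", *item)
    for item in unexpected_controls(result):
        print("located but not expected:", *item)
    print("coverage:", coverage(result))
```

For the constructed node the report lists three absent controls (input authenticity, privacy of stored data, end-to-end reconcilability), one located control the model did not ask for (four-eyes release), and 17 of 20 expected controls present. Feeding the same structure one node per process map gives the page 7 colouring directly.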

Page 8: Key application controls

Process nodes a, b, c
I/P (input) is: Complete, Accurate, Authorised, Authentic, Traceable
End to end reconcilability
Segregation of roles
O/P (output) is: Complete, Accurate, Authorised, Authentic, Traceable
Control Feedback
Control Forward
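The application controls on this page (input and output that are complete, accurate, authorised, authentic and traceable, tied together by end to end reconcilability) are normally tested by re-performing the reconciliation. The following Python is an added example, not taken from the mindmaps: it computes the classic batch controls (record count, control total of the amounts, and a hash total, here a SHA-256 digest over the canonical record set) on a constructed input batch and compares them with two constructed outputs, one with a dropped record and one where a record was re-pointed at another account in a way that count and money total alone would not catch. The record format and all values are constructed.

```python
"""End-to-end reconcilability between a process's input and output:
record count, control total, hash total, plus per-record tracing.
Added example; the transaction batches are constructed."""
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Txn:
    txn_id: str
    account: str
    amount_cents: int


def batch_totals(batch: List[Txn]) -> Dict[str, object]:
    """Count, control total (money) and a digest over the canonical record set.
    The digest plays the role of a hash total: a substitution that leaves the
    count and the money total unchanged still changes it."""
    digest = hashlib.sha256()
    for t in sorted(batch, key=lambda t: t.txn_id):
        digest.update(f"{t.txn_id}|{t.account}|{t.amount_cents}\n".encode())
    return {
        "count": len(batch),
        "control_total": sum(t.amount_cents for t in batch),
        "hash_total": digest.hexdigest(),
    }


def reconcile(input_batch: List[Txn], output_batch: List[Txn]) -> Dict[str, object]:
    """Compare totals end to end and, where they disagree, trace which
    records were dropped, injected or altered between input and output."""
    i, o = batch_totals(input_batch), batch_totals(output_batch)
    by_in = {t.txn_id: t for t in input_batch}
    by_out = {t.txn_id: t for t in output_batch}
    # Duplicate ids would collapse in the dicts above, so report them explicitly.
    dupes = sorted({k for k, n in Counter(t.txn_id for t in input_batch + output_batch).items()
                    if n > (1 if k in by_in and k in by_out else 0) + 1})
    return {
        "count_match": i["count"] == o["count"],
        "control_total_match": i["control_total"] == o["control_total"],
        "hash_total_match": i["hash_total"] == o["hash_total"],
        "dropped": sorted(by_in.keys() - by_out.keys()),
        "injected": sorted(by_out.keys() - by_in.keys()),
        "altered": sorted(k for k in by_in.keys() & by_out.keys() if by_in[k] != by_out[k]),
        "duplicate_ids": dupes,
    }


def reconciles(input_batch: List[Txn], output_batch: List[Txn]) -> bool:
    r = reconcile(input_batch, output_batch)
    return bool(r["count_match"] and r["control_total_match"] and r["hash_total_match"])


# Constructed batches.
INPUT_BATCH = [
    Txn("T1", "10001", 12500),
    Txn("T2", "10002", 4000),
    Txn("T3", "10003", 999),
]
OUTPUT_DROPPED = INPUT_BATCH[:2]          # T3 lost in processing
OUTPUT_SUBSTITUTED = [                    # T2 re-pointed at another account, same amount
    Txn("T1", "10001", 12500),
    Txn("T2", "99999", 4000),
    Txn("T3", "10003", 999),
]

if __name__ == "__main__":
    for label, out in (("clean", list(INPUT_BATCH)),
                       ("dropped", OUTPUT_DROPPED),
                       ("substituted", OUTPUT_SUBSTITUTED)):
        print(label, reconciles(INPUT_BATCH, out), reconcile(INPUT_BATCH, out))
```

The substituted batch is the case worth noting: count and control total both agree, so a reconciliation built on those two alone would pass; only the hash total and the per-record trace expose the altered record, which is why the page lists "authentic" and "traceable" next to "complete" and "accurate".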

Page 9: Key network controls

Process nodes a, b, c
Flow maintains: Integrity, Confidentiality, Authenticity, Availability
End to end reconcilability

Page 10: Key storage controls

Process nodes a, b, c
Stored Data is: Secure, Private, Recoverable

Page 11: Key host controls

HOST CONTROLS: Router, Packet Filter, Proxy, Firewall
Who: Limited few; Skill / Competence
How: Security / vulnerability of underlying OS; Rules and Rationale; How tested; How validated; Pen testing
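For the packet filter / firewall questions on this page ("Rules and Rationale", "How tested", "How validated"), one check the auditor can re-perform independently of the device is a review of the rule base itself. The following Python is an added example and not from the mindmaps: the rule format and the five rules are constructed, and the four checks it runs (rules with no documented rationale, over-broad permits, rules shadowed by an earlier rule in a first-match base, and whether the base ends in a default deny) are this example's own choice of what a rationale review should cover, not something the page specifies.

```python
"""Rule-base review for a packet filter / firewall: rules without a
documented rationale, over-broad permits, rules shadowed by an earlier
rule, and whether the base ends in a default deny.
Added example; the rule format and the rules below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "permit" or "deny"
    src: str             # CIDR, or "any"
    dst: str             # CIDR, or "any"
    proto: str           # "tcp", "udp" or "any"
    dport: str           # destination port as a string, or "any"
    rationale: str = ""  # documented reason for the rule; empty = none recorded


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ANY_NET if cidr == "any" else ipaddress.ip_network(cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`.
    In a first-match rule base that means `inner` never fires if `outer`
    sits above it."""
    return (
        _net(inner.src).subnet_of(_net(outer.src))
        and _net(inner.dst).subnet_of(_net(outer.dst))
        and outer.proto in ("any", inner.proto)
        and outer.dport in ("any", inner.dport)
    )


def review(rules: List[Rule]) -> Dict[str, object]:
    shadowed: Dict[str, str] = {}
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                # Same action: the later rule is redundant. Different action:
                # the later rule's intent (e.g. a deny) is silently defeated.
                shadowed[later.name] = earlier.name
                break
    return {
        "missing_rationale": [r.name for r in rules if not r.rationale.strip()],
        "broad_permits": [r.name for r in rules
                          if r.action == "permit" and r.src == "any" and r.dst == "any"],
        "shadowed": shadowed,
        "default_deny_last": bool(rules) and rules[-1].action == "deny"
        and all(getattr(rules[-1], f) == "any" for f in ("src", "dst", "proto", "dport")),
    }


# Constructed rule base (first match wins).
SAMPLE_RULES = [
    Rule("allow-web", "permit", "any", "10.0.0.5/32", "tcp", "443", "Public web front end"),
    Rule("allow-dns", "permit", "10.0.0.0/24", "any", "udp", "53", "Internal resolvers"),
    Rule("allow-all-tcp", "permit", "any", "any", "tcp", "any"),          # no rationale recorded
    Rule("allow-ssh-admin", "permit", "10.0.0.10/32", "10.0.0.5/32", "tcp", "22", "Admin jump host"),
    Rule("deny-all", "deny", "any", "any", "any", "any", "Default deny"),
]

if __name__ == "__main__":
    for key, value in review(SAMPLE_RULES).items():
        print(f"{key}: {value}")
```

On the constructed base the review flags "allow-all-tcp" twice (no rationale, permits any to any over TCP) and shows that "allow-ssh-admin" is shadowed by it, so the narrowly scoped admin rule that the rationale describes is not what the device actually enforces. That is the kind of finding the "How validated" and "Pen testing" branches then confirm against the live host.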

Page 12: Overview mindmap repeated from page 1.