From the course: CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Auditing governance and documentation

Auditing governance and documentation

From the course: CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors

Start my 1-month free trial

Auditing governance and documentation

- [Instructor] All right, let's talk about Auditing Governance and Documentation. So when it comes to auditing governance, first of all, we want to know how well governance is actually being performed, so this is more of a business process audit than anything technical. It's unlike some of the other audits we may have talked about in this course. It's really assessing the roles and responsibilities within the governance structure. So first thing you look at is, is there a framework in place? Is there a framework that this particular organization is following, like COBIT or ITIL or any of the ISO standards, ISO 27001 or 38500? If there is a standard in place, then take a look at the controls in that standard and see, are we close to those controls? How are we actually aligning? Are we aligning well or are we far off? So by having a framework in place, that makes it very easy for the auditor to go through and look down the list of controls whether we are or are not doing any of those…

Contents