From the course: CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors

Auditing management structure

- [Instructor] All right, let's talk about auditing the actual management structure of the IT organization. So, when it comes to auditing the org chart, take a look at the org chart, take a look at who reports to whom, and determine: does the organization have enough separation between IT management and security management? You know, security ideally should report directly to executive management, not go through, say, the IT director or through perhaps the CIO. There should be some kind of direct channel to executive management and, potentially, even the board, as to the security management practices and how well things are going with the organization. Same thing goes for auditors. Is there an auditing team that reports directly to executive management or the board? You don't want to have auditors reporting too low down the food chain. They should be going straight directly to executive management and straight up to the governance entity, whatever that is, typically the board of directors.…
