Please enable JavaScript.
Coggle requires JavaScript to display documents.
5.4.2 5.2 (The documents should be assessed to determine whether: (• They…
5.4.2
5.2
The documents should be assessed to determine whether:
• They were
CREATED AS MANAGEMENT AUTHORIZED AND INTENTED
• They are
CURRENT AND UP TO DATE
AUDITING IT GOVERNANCE STRUCTURE AND
IMPLEMENTATION
Significant conditions concern the IS auditor when auditing the IT function,
• Excessive costs
• Budget overruns
• Late projects
• High staff turnover
• Inexperienced staff
• Frequent HW/SW errors
• An excessive backlog of user requests
• Slow computer response time
• Numerous aborted or suspended development projects
• Unsupported or unauthorized HW/SW purchases
• Frequent HW/SW upgrades
• Extensive exception reports
• Exception reports that were not followed up
• Lack of succession plans
• A reliance on one or two key personnel
• Lack of adequate training
Reviewing Documentation
IS auditors should review the following governance documents:
• IT strategies, plans and budgets
• Security policy documentation
• Organization/functional charts
• Job descriptions
• IT steering committee reports
• System development and program change procedures
• Operations procedures
• HR manuals
• QA procedures