« 新型インフルエンザ対策実施状況・・・社内マニュアルがあるのは4割弱(2) | Main | 金融庁 パブコメ 「公認会計士・監査法人に対する懲戒処分等の考え方」の改訂(案) »

2008.04.30

ISACA ITAF™: A Professional Practices Framework for IT Assurance

 こんにちは、丸山満彦です。ISACAがITAF™: A Professional Practices Framework for IT Assurance を公開していますね。。。
 監査基準のようなものです。。。

 
■ISACA
ITAF™: A Professional Practices Framework for IT Assurance

 ISACA会員は全文を見れますが、一般の人は要約だけですね。。。

目次
=====
Section1000—Introducing the IT Assurance Framework
1100—ITAF: A Brief Overview
1500—Organisation of the IT Assurance Framework
1700—Use of the IT Assurance Framework
1800—Important Terms and Definitions
1900—How This Publication is Organised

Section2000—IT Assurance Standards: Defining a Common Reference Point
2100—IT Assurance Standards: Overview and Use
2150—ISACA Code of Professional Ethics
2200—General Standards
2400—Performance Standards
2600—Reporting Standards

Section3000—IT Assurance Guidelines: Putting the Standards Into Practice
3100—IT Assurance Guidelines: Overview and Use
3200—Enterprise Topics
3210—Implication of Enterprise-wide Policies, Practices and Standards on the IT Function
3230—Implication of Enterprise-wide Assurance Initiatives on the IT Function
3250—Implication of Enterprise-wide Assurance Initiatives on IT Assurance Plans and Activities
3270—Additional Enterprise-wide Issues and Their Impact on the IT Function
3400—IT Management Processes
3410—IT Governance (Mission, Goals, Strategy, Corporate Alignment, Reporting)
3412—Determining the Impact of Enterprise Initiatives on IT Assurance Activities
3415—Using the Work of Other Experts in Conducting IT Assurance Activities4
3420—IT Project Management
3425—IT Information Strategy
3427—IT Information Management
3430—IT Plans and Strategy (Budgets, Funding, Metrics)
3450—IT Processes (Operations, Human Resources, Development, etc.)
3470—IT Risk Management
3490—IT Support of Regulatory Compliance
3600—IT Audit and Assurance Processes
3605—Relying on the Work of Specialists and Others
3607—Integrating IT Audit and Assurance Work With Other Audit Activities
3610—Using COBIT in the IT Assurance Process
3630—Auditing IT General Controls (ITGCs)
3650—Auditing Application Controls
3653—Auditing Traditional Application Controls
3655—Auditing Enterprise Resource Planning (ERP) Systems
3657—Auditing Alternative Software Development Strategies
3660—Auditing Specific Requirements
3661—Auditing Government-specified Criteria
3662—Auditing Industry-specified Criteria
3670—Auditing With Computer-assisted Audit Techniques (CAATs)
3680—IT Auditing and Regulatory Reporting
3690—Selecting Items of Assurance Interest
3800—IT Audit and Assurance Management
3810—IT Audit or Assurance Function
3820—Planning and Scoping IT Audit and Assurance Objectives
3830—Planning and Scoping IT Audit and Assurance Work
3835—Planning and Scoping Risk Assessments
3840—Managing the IT Audit and Assurance Process Execution
3850—Integrating the Audit and Assurance Process
3860—Gathering Evidence
3870—Documenting IT Audit and Assurance Work
3875—Documenting and Confirming IT Audit and Assurance Findings
3880—Evaluating Results and Developing Recommendations
3890—Effective IT Audit and Assurance Reporting
3892—Reporting IT Audit and Assurance Recommendations
3894—Reporting on IT Advisory and Consultancy Reviews

Section4000—IT Assurance Tools and Techniques (Reserved for Future Development)
Appendix—Code of Professional Ethics
Glossary
References
Other Publications
Comment Submission Form
=====

|

« 新型インフルエンザ対策実施状況・・・社内マニュアルがあるのは4割弱(2) | Main | 金融庁 パブコメ 「公認会計士・監査法人に対する懲戒処分等の考え方」の改訂(案) »

Comments

Post a comment



(Not displayed with comment.)




TrackBack

TrackBack URL for this entry:
http://app.cocolog-nifty.com/t/trackback/64462/41048127

Listed below are links to weblogs that reference ISACA ITAF™: A Professional Practices Framework for IT Assurance:

« 新型インフルエンザ対策実施状況・・・社内マニュアルがあるのは4割弱(2) | Main | 金融庁 パブコメ 「公認会計士・監査法人に対する懲戒処分等の考え方」の改訂(案) »