« IPA 「MD5 の安全性の限界に関する調査研究」に関する報告書・「安全な暗号鍵のライフサイクルマネージメントに関する調査」に関する報告書を公表 | Main | IIA Managing the Business Risk of Fraud: A Practical Guide (事業上の不正リスク管理のための実務指針) »

2008.07.26

IIA Global Technology Audit Guide

 こんにちは、丸山満彦です。IIAが公表しているGlobal Technology Audit Guide seriesに「事業継続管理」と「IT監査計画の立案」が新たに公表されていました。。。ということでご紹介。。。

 
【IIA】
Global Technology Audit Guide

=====
●GTAG 10 Business Continuity Management
1. Executive Summary
2. Introduction

 2.1 BCM Definition
 2.2 Crisis Management Planning
 2.3 Disaster Recovery of IT
3. Building a Business Case
4. Business Risks

 4.1 Common Disaster Scenarios
 4.2 Common Disaster Impacts
5. BCM Requirements
 5.1 Management Suppor
 5.2 Risk Assessment and Risk Mitigation.
 5.3 Business Impact Analysis
 5.4 Business Recovery and Continuity Strategy
 5.5 Disaster Recovery for IT
 5.6 Awareness and Training
 5.7 Maintenance of the BCM Program
 5.8 Exercise of the Business Continuity
 5.9 Crisis Communications
 5.10 Coordination with External Agencies
6. Emergency Response
7. Crisis Management
8. Conclusion/Summary
9. Appendix

 9.1 Sample BCP Audit Guide
 9.2 BCM Standards and Guidelines
 9.3 BCM Capability Maturity Model

=====
●GTAG 11 Developing the IT Audit Plan
TABLE OF CONTENTS
1. Executive Summary
2. Introduction

 2.1 IT Audit Plan Development Process
3. Understanding the Business
 3.1 Organizational Uniqueness
 3.2 Understanding the Operating Environment
 3.3 IT Environment Factors
4. Defining the IT Audit Universe
 4.1 Examining the Business Model
 4.2 Role of Supporting Technologies
 4.3 Annual Business Plans
 4.4 Centralized and Decentralized IT Functions
 4.5. IT Support Processes
 4.6. Regulatory Compliance
 4.7. Define Audit Subject Areas
 4.8. Business Applications
 4.9. Assessing Risk
5. Performing a Risk Assessment
 5.1 Risk Assessment Process
  5.1.1 Identify and Understand Business Objectives
  5.1.2 Identify and Understand IT Strategy
  5.1.3 IT Universe
 5.2 Ranking Risk
 5.3 Leading IT Governance Frameworks
6. Formalizing the IT Audit Plan
 6.1 Audit Plan Context
 6.2 Assurance and Consulting Services Requests
 6.3 Audit Frequency
 6.4 Audit Plan Principles
 6.5 The IT Audit Plan Content
 6.6 Integration of the IT Audit Plan
 6.7 Validating the Audit Plan
 6.8 The Dynamic Nature of the IT Audit Plan
 6.9 Communicating, Gaining Executive Support, and Obtaining Plan Approval
Appendix: Hypothetical Company Example

GTAG

Title

Guide

PPT

抄訳

01

Information Technology Controls

Guide

PPT

ITコントロール

02

Change and Patch Management Controls: Critical for Organizational Success

Guide

PPT

変更及びパッチ管理の統制

03

Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment

Guide

PPT

継続監査

04

Management of IT Auditing

Guide

PPT

ITコントロール監査の管理

05

Managing and Auditing Privacy Risks

Guide

PPT

プライバシーリスクの管理と監査

06

Managing and Auditing IT Vulnerabilities

Guide

PPT

IT脆弱性の管理と監査

07

Information Technology Outsourcing

Guide

PPT

ITの外部委託

08

Auditing Application Controls

Guide

PPT

業務統制の監査

09

Identity and Access Management

Guide

 

IDとアクセス管理

10

Business Continuity Management

Guide

 

事業継続管理

11

Developing the IT Audit Plan

Guide

 

IT監査計画の立案

|

« IPA 「MD5 の安全性の限界に関する調査研究」に関する報告書・「安全な暗号鍵のライフサイクルマネージメントに関する調査」に関する報告書を公表 | Main | IIA Managing the Business Risk of Fraud: A Practical Guide (事業上の不正リスク管理のための実務指針) »

Comments

Post a comment



(Not displayed with comment.)




TrackBack

TrackBack URL for this entry:
http://app.cocolog-nifty.com/t/trackback/64462/41973249

Listed below are links to weblogs that reference IIA Global Technology Audit Guide :

« IPA 「MD5 の安全性の限界に関する調査研究」に関する報告書・「安全な暗号鍵のライフサイクルマネージメントに関する調査」に関する報告書を公表 | Main | IIA Managing the Business Risk of Fraud: A Practical Guide (事業上の不正リスク管理のための実務指針) »