2008.07.26

IIA Global Technology Audit Guide

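 Hello, this is Mitsuhiko Maruyama. Two new guides, "Business Continuity Management" and "Developing the IT Audit Plan", have been added to the Global Technology Audit Guide series published by the IIA... so here is a quick introduction...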

 
【IIA】
Global Technology Audit Guide

=====
●GTAG 10 Business Continuity Management
1. Executive Summary
2. Introduction

 2.1 BCM Definition
 2.2 Crisis Management Planning
 2.3 Disaster Recovery of IT
3. Building a Business Case
4. Business Risks

 4.1 Common Disaster Scenarios
 4.2 Common Disaster Impacts
5. BCM Requirements
 5.1 Management Support
 5.2 Risk Assessment and Risk Mitigation
 5.3 Business Impact Analysis
 5.4 Business Recovery and Continuity Strategy
 5.5 Disaster Recovery for IT
 5.6 Awareness and Training
 5.7 Maintenance of the BCM Program
 5.8 Exercise of the Business Continuity
 5.9 Crisis Communications
 5.10 Coordination with External Agencies
6. Emergency Response
7. Crisis Management
8. Conclusion/Summary
9. Appendix

 9.1 Sample BCP Audit Guide
 9.2 BCM Standards and Guidelines
 9.3 BCM Capability Maturity Model

=====
●GTAG 11 Developing the IT Audit Plan
TABLE OF CONTENTS
1. Executive Summary
2. Introduction

 2.1 IT Audit Plan Development Process
3. Understanding the Business
 3.1 Organizational Uniqueness
 3.2 Understanding the Operating Environment
 3.3 IT Environment Factors
4. Defining the IT Audit Universe
 4.1 Examining the Business Model
 4.2 Role of Supporting Technologies
 4.3 Annual Business Plans
 4.4 Centralized and Decentralized IT Functions
 4.5 IT Support Processes
 4.6 Regulatory Compliance
 4.7 Define Audit Subject Areas
 4.8 Business Applications
 4.9 Assessing Risk
5. Performing a Risk Assessment
 5.1 Risk Assessment Process
  5.1.1 Identify and Understand Business Objectives
  5.1.2 Identify and Understand IT Strategy
  5.1.3 IT Universe
 5.2 Ranking Risk
 5.3 Leading IT Governance Frameworks
6. Formalizing the IT Audit Plan
 6.1 Audit Plan Context
 6.2 Assurance and Consulting Services Requests
 6.3 Audit Frequency
 6.4 Audit Plan Principles
 6.5 The IT Audit Plan Content
 6.6 Integration of the IT Audit Plan
 6.7 Validating the Audit Plan
 6.8 The Dynamic Nature of the IT Audit Plan
 6.9 Communicating, Gaining Executive Support, and Obtaining Plan Approval
Appendix: Hypothetical Company Example

| GTAG | Title | Guide | PPT | Abridged translation (Japanese) |
|---|---|---|---|---|
| 01 | Information Technology Controls | Guide | PPT | ITコントロール |
| 02 | Change and Patch Management Controls: Critical for Organizational Success | Guide | PPT | 変更及びパッチ管理の統制 |
| 03 | Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment | Guide | PPT | 継続監査 |
| 04 | Management of IT Auditing | Guide | PPT | ITコントロール監査の管理 |
| 05 | Managing and Auditing Privacy Risks | Guide | PPT | プライバシーリスクの管理と監査 |
| 06 | Managing and Auditing IT Vulnerabilities | Guide | PPT | IT脆弱性の管理と監査 |
| 07 | Information Technology Outsourcing | Guide | PPT | ITの外部委託 |
| 08 | Auditing Application Controls | Guide | PPT | 業務統制の監査 |
| 09 | Identity and Access Management | Guide | | IDとアクセス管理 |
| 10 | Business Continuity Management | Guide | | 事業継続管理 |
| 11 | Developing the IT Audit Plan | Guide | | IT監査計画の立案 |
