Information Technology
Audit Process
Business Practices Seminar
Paul Toffenetti, CISA
Internal Audit
29 February 2008
Overview
What is Internal Audit
IT Audit Process
Common IT Audit Observations
So What Should We Do
Questions
Authority and Policies
What is Internal Audit?
Internal auditing is an independent, objective
assurance and advisory activity designed to add
value and improve an organizations operations.
Internal Audit helps organizations accomplish their
objectives by evaluating business risk and controls
and where appropriate, offer recommendations to
improve risk management and governance
processes.
Audit Process
Planning
Testing
Reporting
Follow-up
Planning
Annual Risk Assessment
Preliminary Audit Plan
Board of Visitors Approval
Notification and Request for Information
Understand Your Risks and Controls
Opening Conference
Testing
Security
Backup & Recovery
Resource Management
Web Site
Security Testing
Remote Vulnerability Scans
Servers
Printers
Routers
Workstations
Laptops
If its on the network
we scan it!
Nmap & Nessus
Security Testing
On-Site, Follow-up Vulnerability Tests
Workstations
Laptops Servers
We Test Computers That May Have Security Vulnerabilities!
WinAudit
MSBA
CIS Tools & Benchmarks
Backup & Recovery Testing
You Must Have Effective Controls to Backup & Recover
Critical Data
Resource Management Testing
Computer Hardware & Software
Procurement through Surplus
Web Site Testing
University Relations Web Guidelines & Procedures
Web Development Best Practices
Content Recommendations
Templates
Privacy Statement (Policy 7030)
Web Server & Application Security
Reporting
Observations
When Unexpected Results are Noted
We Solicit Your Comments
Reporting
Recommendations
We May Recommend Opportunities
To Improve Your Controls
Reporting
Management Action Plans
You Develop Plans, Schedules, and Priorities
To Implement Solutions
Reporting
A Final Report is Sent
to
The Board of Visitors
Follow-Up
Follow-Up Actions are Based on Your
Management Action Plan
Progress is Monitored
Some Re-Testing May be Necessary
Board of Visitors is Updated
Audit is closed
Common Audit Observations
Weak Security Settings
Windows Operating System
Common Audit Observations
Missing Security Patches
Operating Systems
Applications
Databases
Common Audit Observations
Misconfigured Anti-Malware Tools
Out-of-Date Threat Signatures
Scans Not Scheduled
Common Audit Observations
Inadequate Access Controls
Weak Passwords & File Permissions
Common Audit Observations
Open Communication Ports
The Hackers Point of Entry
Common Audit Observations
The System Administrators Dilemma
How Much Risk is Senior Management Willing to
Accept?
Security Convenience
So What Should We Do?
Harden Security Settings
Keep Everything Patched
Install and Use Anti-Malware Tools
Enforce Strong Passwords
Close or Filter Communication Ports
Test Your Systems
Support Your System Administrator!
Questions
Success Redefined
You might also like
- Aud 2004 23 2 131Document16 pagesAud 2004 23 2 131Dayarayan CanadaNo ratings yet
- 0 Framework FinalDocument163 pages0 Framework FinalAnonymous cyExpb2100% (1)
- Aud 2003 22 2 53Document17 pagesAud 2003 22 2 53Dayarayan CanadaNo ratings yet
- Aud 2008 27 2 31Document24 pagesAud 2008 27 2 31Dayarayan CanadaNo ratings yet
- Ciia 50741Document25 pagesCiia 50741Dayarayan CanadaNo ratings yet
- IT Audit ProcessDocument24 pagesIT Audit ProcessDayarayan CanadaNo ratings yet
- Ciia 50389Document9 pagesCiia 50389Dayarayan CanadaNo ratings yet
- Audit Committee CharterDocument6 pagesAudit Committee CharterDayarayan CanadaNo ratings yet
- Ciia 50565Document8 pagesCiia 50565Dayarayan CanadaNo ratings yet
- Corporate Corrupt & FraudDocument4 pagesCorporate Corrupt & FraudDayarayan CanadaNo ratings yet
- Tax Teaching Student ManualDocument28 pagesTax Teaching Student ManualDayarayan CanadaNo ratings yet
- Acch 50049Document24 pagesAcch 50049Dayarayan CanadaNo ratings yet
- Canada Difference CorporationDocument8 pagesCanada Difference CorporationDayarayan CanadaNo ratings yet
- Comparative Table Bill C FullDocument10 pagesComparative Table Bill C FullDayarayan CanadaNo ratings yet
- Challenging Misinformation: Canadian Citizenship Law ExplainedDocument4 pagesChallenging Misinformation: Canadian Citizenship Law ExplainedDayarayan CanadaNo ratings yet
- Bill C-24, Strengthening: Canadian Citizenship ActDocument35 pagesBill C-24, Strengthening: Canadian Citizenship ActDayarayan CanadaNo ratings yet
- Corporate Corrupt & FraudDocument4 pagesCorporate Corrupt & FraudDayarayan CanadaNo ratings yet
- Bill C-24 Brief Final April 2014Document15 pagesBill C-24 Brief Final April 2014Dayarayan CanadaNo ratings yet
- Carl C-24 Brief To CimmDocument11 pagesCarl C-24 Brief To CimmDayarayan CanadaNo ratings yet
- Bill C-24 Policy Brief May 2014Document6 pagesBill C-24 Policy Brief May 2014Dayarayan CanadaNo ratings yet
- Canada Tax 2014 FinalDocument7 pagesCanada Tax 2014 FinalDayarayan CanadaNo ratings yet
- British Columbia Tax GuideDocument15 pagesBritish Columbia Tax GuideDayarayan CanadaNo ratings yet
- Auditing The Auditors: Audit SurveyDocument6 pagesAuditing The Auditors: Audit SurveyDayarayan CanadaNo ratings yet
- Sarbanse Oxley - KPMGDocument20 pagesSarbanse Oxley - KPMGDayarayan CanadaNo ratings yet
- The Table SOXDocument5 pagesThe Table SOXDayarayan CanadaNo ratings yet
- 2012 IFRS Foundation Annual ReportDocument56 pages2012 IFRS Foundation Annual ReportEliete SaldanhaNo ratings yet
- Sarbanes OxleyDocument66 pagesSarbanes OxleyCommonSenseCapitalisNo ratings yet
- Audit FeeDocument6 pagesAudit FeeDayarayan CanadaNo ratings yet
- Sarbens Oxley IIADocument57 pagesSarbens Oxley IIADayarayan CanadaNo ratings yet
- The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeFrom EverandThe Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeRating: 4 out of 5 stars4/5 (5782)
- Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceFrom EverandHidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceRating: 4 out of 5 stars4/5 (890)
- The Yellow House: A Memoir (2019 National Book Award Winner)From EverandThe Yellow House: A Memoir (2019 National Book Award Winner)Rating: 4 out of 5 stars4/5 (98)
- Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureFrom EverandElon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureRating: 4.5 out of 5 stars4.5/5 (474)
- Shoe Dog: A Memoir by the Creator of NikeFrom EverandShoe Dog: A Memoir by the Creator of NikeRating: 4.5 out of 5 stars4.5/5 (537)
- Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaFrom EverandDevil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaRating: 4.5 out of 5 stars4.5/5 (265)
- The Little Book of Hygge: Danish Secrets to Happy LivingFrom EverandThe Little Book of Hygge: Danish Secrets to Happy LivingRating: 3.5 out of 5 stars3.5/5 (399)
- Never Split the Difference: Negotiating As If Your Life Depended On ItFrom EverandNever Split the Difference: Negotiating As If Your Life Depended On ItRating: 4.5 out of 5 stars4.5/5 (838)
- Grit: The Power of Passion and PerseveranceFrom EverandGrit: The Power of Passion and PerseveranceRating: 4 out of 5 stars4/5 (587)
- A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryFrom EverandA Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryRating: 3.5 out of 5 stars3.5/5 (231)
- The Emperor of All Maladies: A Biography of CancerFrom EverandThe Emperor of All Maladies: A Biography of CancerRating: 4.5 out of 5 stars4.5/5 (271)
- Team of Rivals: The Political Genius of Abraham LincolnFrom EverandTeam of Rivals: The Political Genius of Abraham LincolnRating: 4.5 out of 5 stars4.5/5 (234)
- On Fire: The (Burning) Case for a Green New DealFrom EverandOn Fire: The (Burning) Case for a Green New DealRating: 4 out of 5 stars4/5 (72)
- The Unwinding: An Inner History of the New AmericaFrom EverandThe Unwinding: An Inner History of the New AmericaRating: 4 out of 5 stars4/5 (45)
- The Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersFrom EverandThe Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersRating: 4.5 out of 5 stars4.5/5 (344)
- The World Is Flat 3.0: A Brief History of the Twenty-first CenturyFrom EverandThe World Is Flat 3.0: A Brief History of the Twenty-first CenturyRating: 3.5 out of 5 stars3.5/5 (2219)
- The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreFrom EverandThe Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreRating: 4 out of 5 stars4/5 (1090)
- The Sympathizer: A Novel (Pulitzer Prize for Fiction)From EverandThe Sympathizer: A Novel (Pulitzer Prize for Fiction)Rating: 4.5 out of 5 stars4.5/5 (119)
- Her Body and Other Parties: StoriesFrom EverandHer Body and Other Parties: StoriesRating: 4 out of 5 stars4/5 (821)
- Book BSBDocument744 pagesBook BSBJeni SodréNo ratings yet
- Quidway S8500 Series Routing Switch System OverviewDocument55 pagesQuidway S8500 Series Routing Switch System OverviewAbdelilah CharboubNo ratings yet
- Data Communication and Networking: Subnetting by MR - Chishala GDocument24 pagesData Communication and Networking: Subnetting by MR - Chishala GMichael SiameNo ratings yet
- System Management With Spacewalk v3Document25 pagesSystem Management With Spacewalk v3zeroxiclanNo ratings yet
- Application Example DRD B Nova EQMDocument26 pagesApplication Example DRD B Nova EQMRobertNo ratings yet
- Steps & Guidelines For E-Assessment For The FacultyDocument2 pagesSteps & Guidelines For E-Assessment For The FacultyvicterpaulNo ratings yet
- BTEQ CommandsDocument5 pagesBTEQ CommandsMohapatra SaradaNo ratings yet
- Wopi Readthedocs Io Wopirest en LatestDocument109 pagesWopi Readthedocs Io Wopirest en LatestMiguel Angel Dorado GomezNo ratings yet
- CLDocument387 pagesCLAnil KumarNo ratings yet
- Ccda Cisco Certified Design Associate Technology Workbook Exam 200-310Document173 pagesCcda Cisco Certified Design Associate Technology Workbook Exam 200-310shubNo ratings yet
- Delta Modulation: A Concise Overview of Key ConceptsDocument12 pagesDelta Modulation: A Concise Overview of Key ConceptsAkash kumarNo ratings yet
- CIO's Guide to Microsoft Azure: Key Benefits and Use CasesDocument31 pagesCIO's Guide to Microsoft Azure: Key Benefits and Use Casespuscasu marin100% (1)
- Single Channel LoRa IoT Kit v2 User Manual-20190205 PDFDocument49 pagesSingle Channel LoRa IoT Kit v2 User Manual-20190205 PDFJames CollinsNo ratings yet
- Rig SenseDocument7 pagesRig SenseAmitKulkarniNo ratings yet
- Open Peer For WebRTC - WhitepaperDocument11 pagesOpen Peer For WebRTC - Whitepaperhookflash100% (1)
- DX DiagDocument10 pagesDX DiagAbayaNo ratings yet
- Real-Time-Clock Selection and Optimization: System ConsiderationsDocument7 pagesReal-Time-Clock Selection and Optimization: System ConsiderationsmadhuvariarNo ratings yet
- MARUDHAR ENGINEERING COLLEGE HOTEL MANAGEMENT PROJECTDocument88 pagesMARUDHAR ENGINEERING COLLEGE HOTEL MANAGEMENT PROJECTMeena Sharma83% (6)
- Storage Characteristics of Call Data Records in Column Store DatabasesDocument28 pagesStorage Characteristics of Call Data Records in Column Store DatabasesDavid WalkerNo ratings yet
- DX DiagDocument37 pagesDX DiagMyk OgbinarNo ratings yet
- 504 Gateway TimeoutDocument10 pages504 Gateway TimeouteskewtNo ratings yet
- Landslide Product Overview DatasheetDocument8 pagesLandslide Product Overview DatasheetShrikrishna KhupasangikarNo ratings yet
- Prometer 100 DLMS Communication Protocol: Document Number: IPD000294 Issue: K 17 July 2018Document38 pagesPrometer 100 DLMS Communication Protocol: Document Number: IPD000294 Issue: K 17 July 2018Sinh Phan100% (1)
- Skema Pep Percubaan Ict 2016Document4 pagesSkema Pep Percubaan Ict 2016SITIZNNo ratings yet
- NODE A Andrew RepeaterDocument5 pagesNODE A Andrew RepeaterWitto PereNo ratings yet
- ACIS BridgeDocument11 pagesACIS BridgemachchharNo ratings yet
- VLab Final Project Report 0.1Document48 pagesVLab Final Project Report 0.1James OnoniwuNo ratings yet
- Marketing Final Project Blackberry Vs IphoneDocument18 pagesMarketing Final Project Blackberry Vs IphoneSalman MughalNo ratings yet
- SGSN Admin ChapterDocument94 pagesSGSN Admin ChapterAbhilash BrahmaNo ratings yet
- A Note On Empanelment of NTA - National Test Center' (NTC)Document7 pagesA Note On Empanelment of NTA - National Test Center' (NTC)Jeetendra SinghNo ratings yet
