OFFICE OF INTERNAL AUDIT Information Technology (IT) Audit Plan


2017 Information Technology (IT) Audit Plan

Priority  IT Audit                             Hours  Start  Duration
1         IT Vendors Selection (Procurement)   250    Apr    5-7 Weeks
2         Application Audit HUB (itslearning)  250    Apr    6-8 Weeks
3         Disaster Recovery                    250    June   6-8 Weeks
4         Security / VAPT Assessment           300    July   8-10 Weeks
5         IT Resources                         250    Aug    6-8 Weeks
6         Remote Network Access                200    Sept   5-7 Weeks
7         IT Risk Assessment                   150    Oct    4-6 Weeks
8         Planning, Monitoring and Reporting   200    Mar    12 Months
Total                                          1,850

Following are the audit objective and the risks associated with each entity reviewed.

1. IT Vendors Selection

Objective: The objective of this audit is to determine whether effective measures are in place related to the selection of IT vendors, such as executive sponsorship, business and technical requirements, proposal evaluations and contract negotiations.

Risk: Weak, inadequate, or nonexistent controls around the selection of IT vendors can result in projects not being completed or services not being provided, which could impact the business and/or the execution of the IT strategy.

2. Application Audit HUB (itslearning)

Objective: Itslearning is the digital learning platform used by educators and students that provides access to instructional material, coursework, and digital textbooks throughout the school year. The objective of this review is to provide management with an assessment of the efficiency and effectiveness of the design and operation of internal controls, including but not limited to input, processing, output and integrity controls.

Risk: Failure to implement effective, efficient and appropriate internal controls over applications may result in the following general risks:
- Invalid or incorrectly processed transactions
- Loss of reputation due to inability to deliver services or disclosure of internal issues
- Costly compensating controls
- Reduced system availability and questionable integrity of information
- Inability to satisfy the audit/assurance charter or the requirements of regulators or external auditors

3. Disaster Recovery

Objective: The objective of this audit is to provide assurance on the adequacy and appropriateness of the internal controls established for maintaining and executing the department's Disaster Recovery plan. Special consideration is given to whether the Disaster Recovery plan strategy meets minimum acceptable standards.

Risk:
- Inability to restore business operations in the event of a disaster.
- Not aligning business continuity management to support business strategy.

4. Security / VAPT Assessment

Objective: The objectives of this assessment are to evaluate the design of the security environment, look for vulnerabilities in the network and understand the depth of the impact if the network is penetrated, via a Vulnerability Assessment and Penetration Test (VAPT).

Risk: Unauthorized access to the network, systems and/or data that could have a negative impact on HISD or its students.

5. IT Resources

Objective: The objective of this review is to provide management with an assessment of the IT resources currently in place, identify resource gaps and provide recommendations to better utilize the current resources.

Risk: A lack of resources and/or resources not allocated properly could severely impact the IT service delivery model in place that provides support to the entire district.

6. Remote Network Access

Objective: The objective of this audit is to evaluate the controls in place around remote access to ensure that network assets are protected.

Risk: A lack of effective security controls around remote access could result in a compromise of network assets, which may impact the confidentiality, integrity, and availability of IT assets and data.

7. IT Risk Assessment

Objective: Identify risks that IT presents to the organization that could adversely affect strategic goals. Identify the IT audit universe, examine the IT auditable units and select the areas with the greatest risk exposure to review and include in the IT audit plan.

Risk: Unidentified or unaddressed IT risks could negatively impact HISD or its students.

8. Planning, Monitoring and Reporting

Objective: An effective planning, monitoring and reporting mechanism ensures that the audits being performed address the audit objectives in an efficient and timely manner.

Risk: Failure to effectively plan, monitor and report on each engagement could result in budget overruns and scope not being met.