IT / IS AUDIT PROCESS MODELS (MINDMAPS)
For personal use only – not for distribution
Begin Audit
End Audit
Familiarise
Gather Information
Create Working Papers
Create Process Maps
Annotate Risk
Annotate Controls
Evaluate Controls
Risk Appetite
Control Efficiency and Costs
Process Hotspots
Process Efficiency
Testing
Reporting
Entry meetings
Choose Audit
Set Scope and Objectives
Notify Management and auditees as necessary
Entry Meetings
Fieldwork
Reporting
Follow up
Familiarisation – get to know process flow
Identify, Determine, Document
a b c
What, Who, When, How, Where, Why (×3)
Possibility of significant Operational, Compliance, Reporting, Strategic Risks? (×3)
Fieldwork
Choose Audit
Set Scope and Objectives
Notify Management and auditees as necessary
Entry Meetings
Fieldwork
Reporting
Follow up
1. Interviews
2. Existing documentation
3. Questionnaires
4. Observations
5. Tests
Determine expected controls
Control Feedback
a b c
I/P is: Complete, Accurate, Authorised, Authentic, Traceable
Stored Data is: Secure, Private, Recoverable (×3)
Flow maintains: Integrity, Confidentiality, Authenticity, Availability (×2)
End to end reconcilability
Segregation of roles (×2)
O/P is: Complete, Accurate, Authorised, Authentic, Traceable
Locate actual controls
Control Feedback
a b c
I/P is: Complete, Accurate, Authorised, Authentic, Traceable
Stored Data is: Secure, Private, Recoverable (×3)
Flow maintains: Integrity, Confidentiality, Authenticity, Availability (×2)
End to end reconcilability
Segregation of roles (×2)
O/P is: Complete, Accurate, Authorised, Authentic, Traceable
Gap analysis shows missing controls
Control Feedback
a b c
I/P is: Complete, Accurate, Authorised, Authentic, Traceable
Stored Data is: Secure, Private, Recoverable (×3)
Flow maintains: Integrity, Confidentiality, Authenticity, Availability (×2)
End to end reconcilability
Segregation of roles (×2)
O/P is: Complete, Accurate, Authorised, Authentic, Traceable
Present as expected.
Expected but absent.
Key application controls
Control Feedback
a b c
I/P is: Complete, Accurate, Authorised, Authentic, Traceable
End to end reconcilability
Segregation of roles (×2)
O/P is: Complete, Accurate, Authorised, Authentic, Traceable
Control Forward
Key network controls
a b c
Flow maintains: Integrity, Confidentiality, Authenticity, Availability (×2)
End to end reconcilability
Key storage controls
a b c
Stored Data is: Secure, Private, Recoverable (×3)
Key host controls
HOST CONTROLS
Router
Packet Filter
Proxy
Firewall
Who
Limited Few
Skill
Competence
How
Security / vulnerability of underlying OS
Rules and Rationale
How tested
How validated
Pen testing