auditor42
Junior Member
Joined: Jul 2013
Posts: 30
Does everyone have a separate IT Audit Risk Assessment for determining the audit schedule from the Enterprise Wide RA? I am needing to separate the two so I can have a more detailed IT Audit RA. Does anyone have one they would be willing to share?
#2205797 - 02/12/1904:04 PMRe: IT Audit Risk Assessment auditor42
auditor42
Junior Member
Joined: Jul 2013
Posts: 30
They have a GLBA Risk Assessment that is done by a third party. The third party also does an ebanking and cybersecurity RA for us. But no their is really not one done by the IT Department on their processes.
#2205808 - 02/12/1904:48 PMRe: IT Audit Risk Assessment auditor42
osucpa
Diamond Poster
Joined: May 2011
Posts: 1,406
I would start there and recommend they create a risk assessment of their processes. Have them start with their critical items. What I have found over the years IT Departments believe everything they do is critical.