Skip to content
GeoDataVision
Thread Options
#2205654 - 02/11/19 06:27 PM IT Audit Risk Assessment
auditor42 Offline
Junior Member
Joined: Jul 2013
Posts: 30
Does everyone have a separate IT Audit Risk Assessment for determining the audit schedule from the Enterprise Wide RA? I am needing to separate the two so I can have a more detailed IT Audit RA. Does anyone have one they would be willing to share?

Return to Top
Audit
#2205796 - 02/12/19 03:58 PM Re: IT Audit Risk Assessment auditor42
osucpa Offline
Diamond Poster
Joined: May 2011
Posts: 1,402
These are always hard questions to answer and each institution is different. Does your IT Department have a Risk Assessment of their processes?

Return to Top
#2205797 - 02/12/19 04:04 PM Re: IT Audit Risk Assessment auditor42
auditor42 Offline
Junior Member
Joined: Jul 2013
Posts: 30
They have a GLBA Risk Assessment that is done by a third party. The third party also does an ebanking and cybersecurity RA for us. But no their is really not one done by the IT Department on their processes.

Return to Top
#2205808 - 02/12/19 04:48 PM Re: IT Audit Risk Assessment auditor42
osucpa Offline
Diamond Poster
Joined: May 2011
Posts: 1,402
I would start there and recommend they create a risk assessment of their processes. Have them start with their critical items. What I have found over the years IT Departments believe everything they do is critical.

Return to Top
#2205849 - 02/12/19 07:22 PM Re: IT Audit Risk Assessment auditor42
auditor42 Offline
Junior Member
Joined: Jul 2013
Posts: 30
Okay, thank you for your help!

Return to Top

Moderator:  Andy_Z