ISACA: IT Assurance Framework - ITAF

ISACA has published and made freely available the first draft of the IT Assurance Framework (ITAF) (pdf, 492 K, pp. 66). ITAF provides guidelines for the design, conduct and reporting of IT audit and assurance engagements. ITAF covers three categories of standards: general, performance and reporting. Comments and suggestions can be submitted by 27 September 2007 in the manner indicated in the document itself. The final version of the document will be published by the end of 2007.

Document table of contents

  • Section 1000—Information Technology Assurance Framework
    • 1100—ITAF Introduction
    • 1200—Use of the IT Assurance Framework and Standards
  • Section 2000—IT Assurance Standards
    • 2100—Introduction and Use
    • 2200—General Standards
    • 2400—Performance Standards
    • 2600—Reporting Standards
  • Section 3000—IT Assurance Guidelines
    • 3100—Audit and Assurance Guidelines—Introduction and Use
    • 3200—Enterprise Topics
      • 3210 Implication of Enterprisewide Policies, Practices and Standards on the IT Function
      • 3230 Implication of Enterprisewide Assurance Initiatives on the IT Function
      • 3250 Implication of Enterprisewide Assurance Initiatives on IT Assurance Plans and Activities
      • 3270 Additional Enterprisewide Issues and Their Impact on the IT Function
    • 3400—IT Management
      • 3410 IT Governance (Mission, Goals, Strategy, Corporate Alignment, Reporting)
      • 3412 Determining the Impact of Enterprise Initiatives on IT Assurance Activities
      • 3415 Using the Work of Other Experts in Conducting IT Assurance Activities
      • 3420 IT Project Management
      • 3425 IT Information Management
      • 3430 IT Department Plans and Strategy (Budgets, Funding, Metrics)
      • 3450 IT Processes (Operations, HR, Development, etc.)
      • 3470 IT Department Addressing and Managing Risk
      • 3490 IT Support of Regulatory Compliance
    • 3600—IT Audit and Assurance Processes
      • 3610 IT Assurance Guide: Using COBIT
      • 3630 Auditing IT General Controls (ITGC)
      • 3650 Auditing Application Controls
      • 3653 Auditing Traditional Application Controls
      • 3655 Auditing Enterprise Resource Planning Systems
      • 3657 Auditing Alternative Software Development Strategies
      • 3670 Auditing With Computer Assisted Audit Techniques
      • 3690 Selecting Items of Assurance Interest
    • 3800—IT Audit and Assurance Management
      • 3810 IT Audit and Assurance Function
      • 3820 Planning and Scoping—IT Audit and Assurance Objectives
      • 3830 Planning and Scoping the IT Audit and Assurance Work
      • 3840 Managing the IT Assurance Process Execution
      • 3850 Integrating the Audit or Assurance Process
      • 3860 Gathering Evidence
      • 3870 Documenting IT Audit and Assurance Work
      • 3875 Documenting and Confirming IT Assurance Findings
      • 3880 Evaluating Results, Developing Recommendations
      • 3890 Effective IT Audit and Assurance Reporting
  • Section 4000—IT Assurance Techniques (Details provided in section 3000 in illustrative techniques and to be further developed.)
    • 4100—Introduction and Use
    • 4200—Enterprise Topics
    • 4400—IT Management
    • 4600—IT Audit and Assurance Processes
    • 4800—IT Audit and Assurance Management
  • Glossary
