ISACA has a free glossary of IT, audit, and security terms that is not only helpful when studying for the CISA exam, but is also a good reference guide for new and experienced auditors.
Filed under Audit, Free, Security, Technology
Tagged as assurance, Audit, black box, chain, cisa, custody, define, definition, download, exam, free, glossary, guide, isaca, materiality, objectivity, reference, sampling, Security, SOD, suspense, wsdl
Always test the test plan and make sure it actually tests the control or risk being assessed. And make sure the tester (especially when you are observing the tester rather than performing the test yourself) actually follows the test plan.
During a segregation of duties (SOD) test for an expense report approval system, an auditor was observing a client perform a test. The client was supposed to enter his user ID into the Approver field to demonstrate that he could not approve his own expense report.
Filed under Audit
Tagged as auditor, duties, duty, error message, expense report, failure, gain confidence, lowercase, plan, segregation, SOD, test, trick, uppercase
I was checking out the latest post of my new blogger colleague from London, Audit Monkey, and read the following….
I’m sitting here in reflective mood thinking what the ‘Top 10’ worst possible jobs could be. Here’s my list.
Filed under Audit, Humor/Irony, Top 10
Tagged as 9 to 5, access to systems, analyst, audit monkey, contractor, GOOJ, help desk, homing pigeon, idiot, IDtenT, light bearer, reporter, Security, SOD, system administrator, top 10 worst jobs
I’m surprised at the number of IT auditors who don’t understand Windows and Active Directory (AD) accounts. I can understand auditors who aren’t familiar with Unix, but Windows? Perhaps too many financial auditors are crossing over from the Far Side.