IT Audit - The Institute Of Internal Auditors  


Reference Library: IT Audit Checklists

Checklists for general and IT audits, covering operating systems, firewalls, networks, and Web security. provides the Branch Security Review Checklist and information resources, including e-business and, in the "Bankers Tools" section, an audit workbook and workpaper samples.
CERT Coordination Center Intruder Detection Checklist
This checklist provides suggested steps to determine if a system has been compromised.
CERT Coordination Center Recovering From Root Compromise Checklist
This document provides suggested steps to respond to a UNIX root compromise.
Computerized Self-Evaluation Checklist (CSEC)
The CSEC program provides downloadable checklists and audit capabilities for areas, programs, and processes mandated for auditing within the OPNAVINST 4790.2G system.
COSO Internal Control Checklist
The Journal of Accountancy features a checklist developed by The Committee of Sponsoring Organizations of the Treadway Commission to help senior executives and directors gain a better understanding of their organization's internal control systems.
Description of The ISO 9000 Quality System Checklist
This page introduces visitors to audit checklists and explains how the checklist ensures a complete audit of an organization's ISO 9000 quality system.
NIS Security Checklist
This checklist from Auburn University's College of Engineering offers steps to remove security risks, while retaining NIS' administrative advantages.
Securing Your UNIX Computer Checklist
This document, written by Lorraine Venner, shows system administrators how to secure their HP-UX systems more effectively.
The Small Business Library
This checklist on how to conduct an audit was designed with small businesses in mind and addresses their unique problems and opportunities.
University of Toronto's Computer Security Administration Web Page
This site provides security policies, procedures, and guidelines, as well as a sample disaster recovery plan, links, product reviews, conferences and training, a reference library, and security news.