Other IT Resources
Review additional resources available for IT auditing.
- Global Technology Audit Guide (GTAG) series
- Guide to the Assessment of IT Risk (GAIT) series
- Guide to the Assessment of IT Risk (GAIT) series
IT Audit Guidance main page
Project Management Resources
System Conversion Audit article
Internal auditors play a valuable role in ensuring that IT investments are well managed and have a positive impact on an organization. Their assurance role supports senior management, the audit committee, the board of directors, and other stakeholders. Internal auditors need to take a risk-based approach in planning their many activities on IT project audits. With limited audit resources, auditors must focus on the highest-risk project areas, while adding value to the organization. Audit best practices suggest internal auditors should be involved throughout a project's life cycle, not just in post-implementation assessments.
Project Management References (PDF)
MetSIG newsletter (PDF) on PMO measurement Managing major projects (PDF) (Page 10 of NAO report "The Millennium Dome") [full report (PDF)also available]Lessons from the Public Accounts Committee's examination of 25 projects (PDF) - (full issue of Focus 9 (PDF) also available)Tips for managing risk in IT projects (PDF) (figure12 of NAO report "Supporting Innovation: Managing Risk in Government Departments" [full report (PDF) also available]
The Project Management Institute (PMI) provides some excellent materials in support of project management.
Other Project Management Resources
- American Health Information Management Association
- American Society for the Advancement of Project Management, Inc.
Maturity Models
Project Management Office (PMO) and the SEI CMM
- Software Engineering Institute
- ROI of Software Process Improvement by David F. Rico
Resources for the PMO and the SEI CMM
SEI CMM Assessment
ITRB Published Reports
The committee also coordinated the preparation of the third edition of Information Technology Control Guidelines and was involved in various Year 2000 CICA publications. Following reorganization at the CICA in the late 1990s, ITAC's role was broadened to provide support and advice with respect to IT matters as they affect the profession. As such, its focus is now on:
- Emerging IT issues that affect, or may affect, assurance services or financial or business reporting, and
- Responding, commenting and providing advice and assistance on IT matters affecting the profession, when requested.
- road map for auditing e-business, outlining IT-related issues that it feels need to be considered by the Assurance Standards Board
- A booklet, 20 Questions Directors Should Ask About IT; and
- A research report on Electronic Audit Evidence
As part of the research studies program, ITAC is sponsoring the brochure 20 Questions Directors Should Ask About Privacy to guide an organization's board of directors in evaluating personal information privacy issues that might arise in discharging its responsibilities. The brochure might also be of interest to members of other governance bodies, such as audit committees and information technology steering committees. The brochure highlights key questions that directors should ask about their responsibilities with respect to understanding privacy risk, managing privacy risk, implementing a privacy compliance regime and obtaining privacy assurance. The surrounding commentary is drawn from Privacy Compliance: A Guide for Organizations & Assurance Practitioners, also sponsored by ITAC. The guide offers a framework that organizations can use to develop appropriate privacy control systems and discusses the assurance practitioner's role in providing value-added services on privacy.
ITAC is also coordinating a series of white papers on IT topics considered significant to the CA profession and business community:
- Audit & Control Implications of XBRL highlights issues that will need to be considered once XBRL is implemented for financial and business reporting.
- Security for Wireless Systemsfocuses on the main issues that need to be considered when wireless networks and devices like cell phones and personal digital assistants are used for transmission of data.
- Using an Ethical Hacking Technique to Assess Information Security Riskexplores an ethical hacking technique - referred to in the IT community as penetration testing - that organizations are increasingly using to evaluate the effectiveness of information security measures.
OGC's (Office of Government Commerce) Successful Delivery Toolkit describes proven good practice for procurement, programs, projects, risk and service management. The toolkit brings together policy and best practice in a single point of reference. It helps you to ask the critical questions about capability and project delivery; it gives practical advice on how to improve.
AFFIRM Some excellent reports are available. AFFIRM White Papers - Emerging Issues Forum
One of AFFIRM's core objectives is to provide an opportunity for members to participate in the development and implementation of policy effecting federal information technology and information resources management. The featured mechanism to enable such participation is the Emerging Issues Forum. The Emerging Issue Forum (EIF) is open to AFFIRM members and non-members, both federal and industry based. Through the EIF, AFFIRM seeks to select critical emerging issues that require debate, framing, and analysis, and to present reflective implications, findings, and recommendations for consideration by the federal IT/IRM community. To this end, AFFIRM attempts to provide a unique, public/private viewpoint, unconstrained by organizational bounds.