Information Systems Security Auditing: Legal and Reporting Considerations -
The purpose of this white paper is to lay out some of the considerations
that audit organizations might want to include in their planning,
performing, and reporting on reviews of information systems and
security. The paper is organized into five major areas: audit authority,
jurisdictional matters, risk management, audit documentation,
and audit reporting. The sections include a general discussion
of the issues and concerns related to each area, and offer specific
suggestions for actions that audit organizations may want to consider
to address them.

Management Planning Guide for Information Systems Security Auditing -
This guide is intended to help audit organizations respond to
the expanding use of IT and the concomitant risks that flow from
such pervasive use by governments. It applies to any evaluative
government organization, regardless of size or current methodology.
Directed primarily at executives and senior managers, the guide
covers the steps involved in establishing or enhancing an information
security auditing capability: planning, developing a strategy,
implementing the capability, and assessing results.