Information Systems Security Auditing: Legal and Reporting Considerations

The purpose of this white paper is to lay out some of the considerations
that audit organizations might want to include in their planning,
performing, and reporting on reviews of information systems and
security. The paper is organized into five major areas: audit authority,
jurisdictional matters, risk management, audit documentation,
and audit reporting. The sections include a general discussion
of the issues and concerns related to each area, and offer specific
suggestions for actions that audit organizations may want to consider
to address them.