Monday, October 31, 2011

IT Risk Assessment

Our annual audit play includes specialized information technology audits. The city spends millions of dollars on computers, systems and technologies. To help with performance audits of departments done by our office, we have a technology audit team that help us determine the IT risks to the city. Risk Assessment sets up the inventory of critical IT systems. The inventory is made up of 4 main IT audit categories: IT business processes, business applications, (either existing or under development), IT infrastructure, and IT facilities.

IT audit categories are risk-related using an analysis based on objective technical process maturity score and a judgement based qualitative score. The IT risk assessment methodology is aligned with professional guidance, such as the Institute of Internal Auditors Global Technology Audit Guide on Developing the IT Audit Plan."

As Auditor I would not be doing my job well if our office did not focus on generally accepted IT governance and controls framework. In the age of sabotage and terrorists, we must continue to pay attention to these important IT risks. Check our audit plan on the Auditor's website to read the full details of this important area.

1 comment:

Mary Lou Egan said...

An astute observation. I recently bought some turn-of-the-century books because they were so wonderfully typeset, illustrated and printed. These weren't rare or collectable books but novels and stories that everyday folks would purchase (with a bookplate in the front). I found them at a yard sale alongside mismatched shoes, plastic toys and pressboard furniture - unappreciated. Like the monks during the Dark Ages, Denver Bookbinding is preserving this craft. Thank heaven.

Mary Lou Egan