MIS 5201.001 – Mike Romeu

Week 06 – IT Risk and Controls

Time to shift gears and start delving more into IT Risks and Controls. At the beginning of our course, we defined Risk as the product of Harm or Vulnerability and its Impact. We also briefly discussed how risk assessments let us sift through a universe of risks (the Risk Universe) to define and scope the target of our efforts.

This week will be all about IT risks and controls. Discussing IT services will help us contextualize risks and controls. This will be our starting point. I’d like to offer a simple technique to evaluate and manage risks.

Finally, we will also discuss the risks beyond IT activities. These are risks regarding auditing, controls, and sampling.

Readings:

Standards and Guidelines:

  • PS 1202 Risk Assessment in Planning / PG 2202 Risk Assessment in Planning

CISA Review Manual:

  • 1.6.5 Risk-Based Auditing
  • 1.6.6 Audit Risk and Materiality
  • 1.6.7 Risk Assessment and Treatment
  • 1.6.8 Risk Assessment Techniques
