New ISACA audit programs include cloud computing focusSeptember 4, 2010
International IT professional focused association ISACA will offer four new audit programs for cloud computing, crisis management, security management and Active Directory. These programs developed by a team of assurance professionals from around the world, claim to represent global expertise, and have undergone peer reviews. Norm Kelson, CISA, CGEIT, CPA, the lead author of these programs says that they are downloadable in a Word document. The ISACA audit programs can be customized to fit specific operating environments. The audit programs will be available to Indian members as well.
According to Sunder Krishnan, the chief risk officer of Reliance Life Insurance and a member of ISACA Chapter Mumbai, new delivery models like the cloud have made auditing and governance more complex for organizations. To tide over these difficulties, professionals from IT, governance, security and risk domains can leverage these ISACA audit programs. Let’s now take a quick look at the features of these new ISACA audit programs:
• The cloud computing audit program covers governance of cloud computing environment, relationships between the service provider and customer, as well as specific control issues. As per Krishnan, this audit program from ISACA will provide the organization’s internal auditors with an opportunity to have a specific audit program for cloud environments. The ISACA audit program will guide an enterprise in terms of the processes and data that can be put on cloud environments, as well as usage patterns and policies for cloud computing. It will also guide enterprise auditors in terms cloud vendor assessment.
• Crisis management audit focuses on pre-crisis planning; scope of the plan (including the relevance of selected crisis scenarios, probability of occurrence, and appropriate responses); as well as testing, maintenance and alignment of the plan with business risks. Krishnan says that although ISACA’s other certifications already provide guidance for business continuity planning, this audit program will go a step further. The new ISACA audit program intends to help organizations on to how to react in crisis scenarios, through scenario building and predictive analysis.
• Information security management features governance, policy, monitoring, incident management, implementing security configurations, and selection of security technologies.
• Windows Active Directory audit from ISACA covers active directory management, secure active directory boundaries, secure domain controllers, physical security of the domain controllers, configuration settings, and secure administrative practices.