Summary
In this chapter, you learned about the important aspects of enterprise governance and related frameworks that an IS auditor is expected to use during audit assignments. You also explored the practical aspects of IT standards, policies, and procedures. The most important benefit of audit planning is that it helps the auditor focus on high-risk areas. Furthermore, you studied organizational structure, EA, and ERM.
The following are some key takeaways from this chapter:
- EGIT is a process used to monitor and control IT activities. Information security governance is an integral part of overall IT governance. Information security governance addresses concerns regarding the protection of information assets – in other words, the confidentiality, integrity, and availability of the information.
- The primary responsibility and accountability for setting up the IS security policy reside with the board of directors.
- An organization’s mission, vision, and...