Responding to COVID-19: insight, support and guidance
Contains 18 control matrices, including the overall top-level direction and management, strategic planning, information architecture and technological direction for auditing information technology.
Download contents and samplepdf 52.73 KB
PDF & Word files
Add to basket
IT governance is a part of corporate governance that is concerned with IT performance and how the associated risks are managed. IT governance requires that those responsible for making decisions are accountable for their actions and are able to justify the investments they approve.
In order to assess IT governance and performance, a number of standards, frameworks and measures have been developed. These include:
These and other sources were referred to in order to devise tests for use by general and specialist IT auditors, as well as those concerned with IT governance, in both the public and private sectors. Undertaking these tests will provide a succinct overview of the extent to which IT governance standards are being met, and provide a gap analysis so that the senior management team and the managing body can be made aware of the areas identified for improvement.
The control matrices are based upon the tried and tested Systems Based Auditing (SBA) methodology. However the authors, Exeter City Council’s internal auditors, have enhanced traditional SBA and devised their Enterprise Risk Management Auditing (ERMA) approach by incorporating risk management techniques, particularly those in COSO’s Enterprise Risk Management – Integrated Framework (September 2004).
Series 8 contains 18 control matrices, the first of which covers the overall top-level direction and management and includes the strategic plan, information architecture and technological direction.
These control matrices are essential tools for all those responsible for auditing, reviewing or involved in IT governance, as they provide a means for adding value to their organisations by enabling them to assess an essential IT service that involves significant spend and faces very high risks.
The control matrices are delivered to you as a zip file containing the PDF and the Word files, to enable flexibility of use and tailoring to local circumstances. The PDF comes with a licence for the purchaser to network the matrices throughout the acquiring organisation.
pdf 52.73 KB
A Guide to Enhanced Systems Based Auditing: The Exeter Approach
Systems Based Auditing Control Matrices: Series 1 & 2 (2006 Fully Revised Edition)
Systems Based Auditing Control Matrices: Series 3
Systems Based Auditing Control Matrices: Series 5
Systems Based Auditing Control Matrices: Series 6
Systems Based Auditing Control Matrices: Series 7
Systems Based Auditing Control Matrices: Series 9 – People Management
Systems Based Auditing Control Matrices: Collated Series
The Excellent Internal Auditor: A Good Practice Guide to Skills and Competencies (2011 Edition)