Preserving Electronically Encoded Evidence – Part I
Seeking to preserve electronically encoded evidence implies an incident or event has occurred that will require facts extrapolation for presentation as proof of an irregular, if not illegal act....
View ArticlePreserving Electronically Encoded Evidence – Part II
Conditionally, if the target system is turned off, simply turning the technology on and permitting a ‘boot’ can introduce content changes to files directly or indirectly connected through operating...
View ArticlePreserving Electronically Encoded Evidence – Part III
Creating evidential copies through routine backup procedures will only permit replicating specific files while none of the files with delete indicators are recovered, nor the designated ‘free space’...
View ArticlePreserving Electronically Encoded Evidence – Part IV
Whether target data is in transit or at rest, it is critical that measures are in place to prevent the sought information from being destroyed, corrupted or becoming unavailable for forensic...
View ArticleManaging the Dynamic Uncertainties of IT – Part III
Managerial monitoring of deployed controls focusing on redressing external and internal environment quality assists in ensuring the established fiduciary relationship with stakeholders is fulfilled. An...
View ArticleManaging the Dynamic Uncertainties of IT – Part IV
Selecting a discretionary IT risk management framework imposes defining spending limits, work assignments and information decisions for creating and managing a viable strategically aligned IT...
View ArticleManaging the Dynamic Uncertainties of IT – Part V
The IT program’s ambit generally dictates the risk assessment approach. Regarding techniques, the IT program’s ambit determines ‘what’ will be assessed, ‘how’ it will be assessed and assessment limits....
View ArticleManaging the Dynamic Uncertainties of IT – Part VI
An adequate IT plan describes predetermined objectives, goals as well as ambit with sufficient supporting detail to guide risk assessment development. Correspondingly, IT risk assessment plans should...
View ArticleManaging the Dynamic Uncertainties of IT – Part VII
An IT risk assessment can classify information assets by criticality, sensitivity, and impact on operations. For most entities, comprehensive IT risks evaluations should be iterative and adaptive...
View ArticleManaging the Dynamic Uncertainties of IT – Part VIII
Technology is an enabler, not a solution, for deploying and executing a sound operational strategy. To ensure effectiveness, responsibility for executing an adopted strategy should be shared across the...
View ArticleGovernment-Audit Convergence Part I
Generally, audit has a responsibility for ensuring that (1) independence and objectivity are maintained in all phases of assignments, (2) professional judgment is utilized in planning approaches,...
View ArticleGovernment-Audit Convergence Part II
Government sponsored laws and regulations can influence auditor conduct and impose IT audit practice requirements. Therefore, applying ISACA’s Professional Ethics and Standards, an IT auditor “should...
View ArticleGovernment-Audit Convergence Part III
Professional prudence dictates legal mandates impacting IT-IAP audit practice areas should be thoroughly understood by audit team members prior to proceeding with fieldwork. Specifically, IT auditors...
View ArticleGovernment-Audit Convergence Part IV
Regarding laws and regulations, when professional standards are applied to compliance engagements, an IT auditor has the right to believe that management has established appropriate controls to...
View ArticleGovernment-Audit Convergence Part V
Accountability is responsibility for performance against agreed-upon expectations either stated and/or implied. Professionally, an IT auditor should exercise due caution from disclosing information...
View ArticleGovernment-Audit Convergence Part VI
The most common audit practice laws and regulations influences are evidence collection and perseverance. Where legal compliance audits are decreed, if an illegal act is suspected, IT auditors must...
View ArticleGovernment-Audit Convergence Part VII
Technology deployment and associated management information systems can provide a competitive advantage as well as increased control requirements. Legal noncompliance risks are an irrefutable fact,...
View Article
