· Ensure Governance Framework Setting and Maintenance Audit/Assurance Program, which helps ensure that there is a consistent and integrated approach aligned with enterprise governance, IT-related decisions are made in line with the enterprise’s strategies and objectives, IT-related processes are overseen effectively and transparently, and the organization is in compliance with legal and regulatory requirements.
· Ensure Benefits Delivery Audit/Assurance Program, which helps auditors verify that optimal value is secured from IT-enabled initiatives, services and assets. It also ensures cost-effective delivery of solutions and services and provides a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently.
· Ensure Risk Optimization Audit/Assurance Program, which helps auditors validate that IT-related enterprise risk does not exceed risk appetite and risk tolerance; the impact of IT risk to enterprise value is identified and managed; and the potential for compliance failures is minimized.
· Ensure Resource Optimization Audit/Assurance Program, which helps auditors determine whether an enterprise’s resource needs are met in the most effective manner, IT costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change.
· Ensure Stakeholder Transparency Audit/Assurance Program, which validates effective and timely communication to stakeholders and an established basis for reporting to increase performance and identify areas for improvement. It also helps verify that IT-related objectives and strategies are in line with the enterprise’s strategy.
“ISACA’s audit programs are flexible and customizable, providing a clear structure that covers all of the COBIT 5 enablers,” said Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, international president of ISACA and appointed Deputy Director-General of the Department of Communities, Child Safety and Disability Services in the Queensland Government, Australia. “These particular programs provide a road map that enable assurance professionals to effectively plan, scope and execute IT assurance initiatives, navigate technology complexity and demonstrate strategic value to IT and business stakeholders.”
The audit/assurance programs are based on the standards and guidance in ISACA’s IT Assurance Framework (ITAF) and align with the globally recognized COBIT 5 business framework that helps enterprises govern and manage their information and technology. They have been developed by experienced assurance professionals and are peer reviewed. The programs are downloadable in a Word document and can be easily customized to fit specific operating environments. They also can be used by business and IT professionals, who will benefit from applying the management practices and activities to make the respective scope areas more robust.