Dear fellow auditors,
I'm being asked to develop a comprehensive list of auditable functions or processes in the I.S./I.T. world and then for every system in our corporation determine if or when this process had been audited or passed on. I've considered using the 2002 CISA review manual as a good basis, but before I reinvent the wheel I thought I'd ask around for what other auditors have done...
Does anybody have a good IT auditing risk model they would be willing to share?
Thanks in Advance,
Tim O'Brien
Timothy P. O'Brien - CISSP, CISA, CFE, CFSA, CBA
Senior IT Auditor
Ball Corporation
(303)-460-3756
[EMAIL PROTECTED]
