New VPN Audit Program, Agile auditing publication, and new edition of IT Controls for Sarbanes-Oxley book out now
SCHAUMBURG, Ill.–(BUSINESS WIRE)–As the year winds down, many audit professionals are shifting their focus to 2022 priorities—including developing dynamic new strategies such as agile auditing, revisiting established technologies from a remote or hybrid working environment perspective, and closing any gaps between compliance expectations and current practices—and how they can enhance their skills to meet the needs of the evolving audit landscape. To meet these needs, ISACA has released three new audit resources—its VPN Security Audit Program, Destination: Agile Auditing white paper, and a new edition of its IT Control Objectives for Sarbanes-Oxley publication.
During the pandemic, the reliance on virtual private networks (VPNs) was heightened as many shifted to working from home—as did the need to manage its risks and implement safeguards. ISACA’s VPN Security Audit Program provides a foundation for auditors to provide assurance around the effectiveness of implemented VPN controls, including pre-audit planning, governance and oversight, implementation and configuration, operations, and maintenance and monitoring, to avoid some of the following risks:
- The increase in number of end users combined with extended VPN use may put additional pressure on infrastructure and adversely affect performance.
- Failure to detect unauthorized VPN activity may cause denial of service due to excessive traffic or connection attempts.
- Lack of alignment of data classification requirements with VPN requirements and configuration may impair compliance initiatives that are reliant on data classification.
During the pandemic, organizations embraced methods to increase agility and efficiency, including by using Agile. Destination: Agile Auditing outlines how audit professionals can incorporate Agile principles into their audit methodologies. Auditors can learn the basics about Agile auditing, its benefits, how Agile complements established assurance standards, how developing competency in Agile can enhance the planning, fieldwork, and reporting phases of an audit. The white paper also includes examples of elements from the Agile tool set, including an Agile road map and Agile audit engagement workflows and illuminates key components like sprints, audit backlog and daily standups.
Internal and external auditors, IT auditors and managers, and financial and operational managers can also ensure they are keeping up with the latest guidance in complying with the Sarbanes-Oxley Act in a new edition of ISACA’s IT Control Objectives for Sarbanes-Oxley publication. This latest edition incorporates updated guidance and standards from the Public Company Accounting Oversight Board (PCAOB) and the American Institute of CPAs (AICPA) and its Auditing Standards Board, with updates including:
- Integrating guidance for implementing internal control over financial reporting (ICFR) using COBIT® 2019, for IT and financial management within enterprises and for their internal and external auditors and consultants
- Aligning with COBIT 2019 Focus Area: Information & Technology Risk
- Providing the mapping of the role of COSO Internal Control – Integrated Framework, 2013 to COBIT 2019
- Highlighting technological innovations and their impacts on auditing IT controls
“The audit landscape is constantly shifting as technologies and regulations evolve, making it essential that audit professionals prioritize continuous learning to ensure they are applying the most current and effective audit practices,” says Robin Lyons, IT Audit Professional Practices Lead. “ISACA is committed to equipping the global audit community with the tools they need to deliver the highest audit standards at their organizations.”
ISACA’s VPN Security Audit Program is free for members and US$49 for non-members and can be downloaded at
https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004L5ThEAK.
Destination: Agile Auditing is a free download at
https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004L4qzEAC.
IT Control Objectives for Sarbanes Oxley, 4th edition is US$49 for members and US$79 for non-members and can be downloaded at
https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004LF0QEAW.
Additional audit resources and publications can be found at www.isaca.org/resources/it-audit.
About ISACA
For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.
Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews
Contacts
Emily Van Camp, evcamp@isaca.org, +1.847.385.7223
Kristen Kessinger, communications@isaca.org, +1.847.660.5512