In “Achieving IT GRC Success”, Gartner recommended that enterprises consider six core activities in the Execution phase of the IT GRC practice:
- Risk Assessment
- KRI Measurement and Management
- Ad Hoc Risk Decision Support
- Compliance Management
- Audit Support
- Policy Management
There are many aspects of Audit Support discussed in the document, and one of them is creating a partnership between the IT GRC practice and IT operations groups to improve audit outcomes through mock audits and pre-audit preparation. My colleague Khushbu Pratap, who is a member of the Gartner for IT Leaders Governance, Risk and Compliance research group, has just published a toolkit, “Toolkit: Avoid Audit Headaches by Planning an Information Security Self-Audit”, to jump-start or improve self-audit capabilities. The toolkit includes useful resources such as a PowerPoint presentation on self-audit planning and a sample self-audit plan in an Excel worksheet.
Check it out.