
New Self-Audit Toolkit

By Erik Heidt | September 25, 2013


In “Achieving IT GRC Success”, Gartner recommended that enterprises consider six core activities in the Execution phase of the IT GRC practice.

These included:

  • Risk Assessment
  • KRI Measurement and Management
  • Ad Hoc Risk Decision Support
  • Compliance Management
  • Audit Support
  • Policy Management

The document discusses many aspects of Audit Support. One of them is creating a partnership between the IT GRC practice and IT operations groups to improve audit outcomes through mock audits and pre-audit preparation. My colleague Khushbu Pratap, who is a member of the Gartner for IT Leaders Governance, Risk and Compliance research group, has just published a toolkit, “Toolkit: Avoid Audit Headaches by Planning an Information Security Self-Audit”, to jump-start or improve self-audit capabilities. The toolkit includes useful resources such as a PowerPoint presentation on self-audit planning and a sample self-audit plan in an Excel worksheet.

Check it out.

Thanks, Erik

