Professional Documents
Culture Documents
ard atio
Aw n
IFGICT Standard
Mission
Ana nning
Pla
lysi
s&
The ICT Audit is conducted as part of
the wider accreditation process by ICT Standard
the IFGICT. The aim of an ICT audit is
Process
ign
to review the information system
Des
architecture (including the KPI
documentations), assess the actual
implementation and effectiveness of
ICT ent
controls for a system and to report A udit lem
on any observed operational risks Imp
relating to the operation of the
system to the certification .
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
Evaluating ICT aspects & Review checklist
Interview Gap analysis report
•Appropriate personnel •Standards/ KPI
•Monitoring and Measurement •Documentation
•Evaluation of Compliance
Overview: ICT
Accreditation Diagnostic
Baseline Assessment
Processes •Organizational Structure
•Policies and Procedures
Execute & Record Review & Corrections
START
START 11 22 33
Requirements Satisfactions
Plan Process Check BIA
Business Impact
Define & Preparation Analysis
Measure & Compare
Organization’s BIA Process:
Based ICT Impact
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
ICT Standard Audit: Practical lifecycle / Roles
Roles
Practical lifecycle
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
Legal and Other
Requirements Review & Corrections
ICT –MS Audit Planning Phase Phase B-P
11 22 33
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
ICT-MS: Implementation and Operation Stages
Competence, Training and Operational Control
Awareness
Implementation
and Operation
Stages
6
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
ICT-MS Checking Stages
Evaluation of Compliance
Phase B
2
2
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
Procedures of ICT Management System Review
Training materials
Guidance notes for
ICT Management supplier control
Commitment Assessment Forms for
Checking & audit
implementing
procedures
Developing
operational control Monitoring plan
procedures Implementation Audit plan
Operational control
procedures and work
of the ICT-MS Audit checklist
Audit report
instructions
Audit checklist, Audit report & Corrective action & preventive action report: The checklist focuses on the ICT-MS’s processes and controls allowing an
organization to concentrate on an individual information system.
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
Processes Timeframe
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
ICT Management
Commitment Assessment
RESOURCES
OVERVIEW
The Certification Authority of IFGICT will
receive the compliance Report from the ICT-MS ICT-MS
president of the committee (Audit Aspects Aspects
Committee)and make a judgment based on
the findings of the review to determine if any
residual risk is present in the manner in which
the controls are operated. The (Audit
Committee) with client should provide
detailed information regarding the operation
of controls if they are found to be ineffective
or partially effective to enable the Checking & Implementatio
Certification Authority to make this audit n
assessment. Obtaining certification for an ICT of the ICT-MS
Audit provides an organization /company
with the needed assurance that their
Information systems are compliant with
IFGICT’s best practice ICT guidelines.
Objectives, Targets
and Programme(s)
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org
IFGICT audit objectives focus on substantiating that the internal controls exist and are
functioning as expected to minimize business risk along with given KPIs. These audit objectives
include assuring compliance with legal and regulatory requirements, as well as the
confidentiality, integrity, and availability.
The audit committee by the IFGICT steered by ICT experts above 20 Implementation
years in ICT auditing
and Operation
Stages
review and control.
Copyright notice: This document is provided under audit committee license of Attribution-Non Commercial-Share Alike. For more information on this license, please visit the http://www.ifgict.org