Business plan

Audit plan

Security plan

Investment plan

IT strategy committee

Chief information officer

Audit committee

Board of directors

Developing security procedures

Defining a security policy

Specifying an access control methodology

Defining roles and responsibilities

Enable the enterprise to invest in the most appropriate technology

Ensure security controls are implemented on critical platforms

Allow development teams to be more responsive to business requirements

Provide business units with greater autonomy to select IT solutions that fit their needs

An audit clause is present in all contracts

The service level agreement of each contract is substantiated by appropriate key performance indicators

The contractual warranties of the providers support the business needs of the enterprise

At contract termination, support is guaranteed by each outsourcer for new outsourcers

1. To ensure that all audit findings are accepted, addressed and resolved on time

To provide a basis for evaluating the effectiveness and efficiency of the audit process

1. To ensure that auditors are adequately trained, qualified and competent to perform audits

To establish standard procedures for conducting audits, analyzing evidence and reporting findings

The IS auditor should actively participate in the CSA for asset verification.

The IS auditor should suggest that the enterprise incentivize the CSA exercise.

1. The IS auditor should review the CSA outcome and look for other internal controls in place.

The IS auditor should recuse from the CSA exercise, citing repetition/redundancy of work.