Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. Some of the more obvious results of IS failures include reputational damage, placing the organization at a competitive disadvantage, and contractual noncompliance. These impacts should not be underestimated.
This Global Technology Audit Guide (GTAG) will provide a thought process to assist the chief audit executive (CAE) in incorporating an audit of Information Security Governance (ISG) into the audit plan, focusing on whether the organization’s ISG activity delivers the correct behaviors, practices, and execution of IS.