This audit work program provides general steps for a virtual private network (VPN) administration audit. It includes test steps in the areas of documentation, logging, monitoring and user pool for VPN administration.

Sample work steps include: review documentation and network diagrams that illustrate any external access points and the risks associated with each; obtain and review policies and procedures governing acceptable use, authorized users and access controls for the VPN and any other remote access paths; verify approval process for VPN access follows documented policies, standards and procedures; and meet with VPN administrator and discuss logging of activities during remote access.