The purpose of this sample policy is to control application development and to ensure that application development is ef...

This sample questionnaire evaluates IT management, personnel, contractors, networks, operating systems, applications, ch...

Use this risk control matrix to strengthen your organization’s SDLC controls for effective risk management.

This audit work program includes test steps in the areas of documentation, logging, monitoring and user pool for VPN adm...

This document outlines risks and controls common to the "manage IT assets" process in an RCM format.

This document outlines risks and controls common to the "manage service" process in a risk and control matrix (RCM) form...

This document outlines risks and controls common to the “define IT strategy and organization” process in a risk control ...

Data conversion is the conversion of computer data from one format to another. This process flow details the steps invol...

This document outlines steps to audit an organization’s IT help desk process.

This document outlines steps to audit an organization’s IT infrastructure management strategy process.

In this issue of Board Perspectives: Risk Oversight, we make suggestions for boards to consider as they enhance their ri...

This issue of The Bulletin provides observations for consideration by boards of directors and their audit committees as ...