MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

Harry Waldron - Microsoft MVP Blog

Security News and Best Practices for corporate and home users

Sarbanes-Oxley 404 Requirements - IIA's GAIT and GTAG free resources

In the Sarbanes-Oxley business forums, these free guidelines were shared as resources that can assist companies with SOX 404 compliance. The Institute of Internal Auditors (IIA) has developed some excellent documents that help ascertain Information Technology risk requirements.

IIA's Guide to the Assessment of IT Risk (GAIT) Methodology
http://www.theiia.org/guidance/technology/gait/

Download The GAIT Methodology. (PDF, 2MB)
http://www.theiia.org/guidance/technology/gait/gait-methodology/

QUOTE: The GAIT Methodology is a risk-based approach to assessing the scope of IT general controls. It is an approach for evaluating whether any ITGC deficiencies identified during Section 404 assessments represent material weaknesses or significant deficiencies. The Guide to the Assessment of IT Risk (GAIT) series describes the relationships among risk to the financial statements, key controls within business processes, automated controls and other critical IT functionality, and key controls within IT general controls (ITGC).

Global Technology Audit Guide (GTAG) Document Library
http://www.theiia.org/guidance/technology/gtag/

QUOTE: Prepared by The Institute of Internal Auditors (The IIA), each Global Technology Audit Guide (GTAG) is written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. The GTAG series serves as a ready resource for chief audit executives on different technology-associated risks and recommended practices.

After navigating to the GTAG link noted above, please click on the links below to download the free guides in PDF format.

Guide 9: Identity and Access Management
(Purchase printed version from The IIA Research Foundation Bookstore)

Guide 8: Auditing Application Controls
(Purchase printed version from The IIA Research Foundation Bookstore)

Guide 7: Information Technology Outsourcing
(Purchase printed version from The IIA Research Foundation Bookstore)

Guide 6: Managing and Auditing IT Vulnerabilities
(Purchase printed version from The IIA Research Foundation Bookstore)

Guide 5: Managing and Auditing Privacy Risks
(Purchase printed version from The IIA Research Foundation Bookstore)

Guide 4: Management of IT Auditing
(Purchase printed version from The IIA Research Foundation Bookstore)

Guide 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
(Purchase printed version from The IIA Research Foundation Bookstore)

Guide 2: Change and Patch Management Controls: Critical for Organizational Success
(Purchase printed version from The IIA Research Foundation Bookstore)

Guide 1: Information Technology Controls
(Purchase printed version from The IIA Research Foundation Bookstore)

GTAG Overall Slides (PPT, 475KB)
The GTAG presentation slides highlight what GTAG is, who the GTAG target audience is, who is involved in GTAG development, guides published, future topics, etc.

Mar 27 2008, 10:39 PM by harry
