IT ORGANIZATION AND ADMINISTRATION
· Company and CIO business plan
· Budget/costing
· Management reports
· Performance monitoring and capacity planning
· IT service performance management
· Inventory control
· Project management
· Problem management
· Auditing report
· IT procurement
· Customer service agreements
· Vendor management
· Computer insurance.
IT STRATEGY
· Strategy process
· Strategic management
· EDI (Electronic Data Interchange) strategy.
IT SECURITY
· Management of information security issues
· Information security policy
· Hardware security
· Magnetic media control
· Physical access security
· Operating system and database management
· Application systems
· Networks
· Personnel ethics (IT, users)
· Controls over data and files
· Data protection rules
· Data classification system.
CONTINGENCY PLANNING
· Preliminary planning for critical applications
· Identification of various processing alternatives
· Contingency plan deliverables
· Escrow agreement audit
· Alternate facility review
· Alternate computer vendors review.
SOFTWARE AND COMPUTERIZED DATA – BACK-UP PROCESS
· Back-up policy review
· On-site back-up safe vault review
· Off-site back-up safe vault review
· Recovery testing plan review
· Data back-up media archival/recycling review
· Application software media archival/recycling review
SYSTEM DEVELOPMENT AND MAINTENANCE
· Management review
· Standards and methodologies review
· Software specifications review
· Error correction procedures
· Software package evaluation
· Program library maintenance
· Program and system testing
· User documentation review
· System documentation review
· Emergency procedures review
· Application data retention policy review
· Training plans review
· Audit trail review
· Conversion review
DATA CENTER OPERATIONS
· Operations standards review
· Operations log review
· Consumables review
· Massive/sensitive reports printing
· Media library control
· Media access control
SYSTEMS SOFTWARE MAINTENANCE
· Software asset inventory review
· Maintenance contracts review
· Program library maintenance
· Problem fixing
· Security review
· System documentation review
· Segregation of duties assessment
· Performance monitoring
DATA AND DATABASE MANAGEMENT
· Scope of data management (identification, classification, ownership, distribution, protection, integrity)
· Controls review (management, corporate data model, data-driven methodology, normalization of database structure, synchronization)
· Assessment (data modeling, database procedures, security, DBA personnel, user training, performance monitoring, database integrity)
PERSONAL COMPUTERS
· Management control and procedures review
· Security review
· Technical support audit
· Software development review
· Office applications support/review
USER SUPPORT
· User satisfaction assessment
· Help desk support
· Data back-up review
TELECOMMUNICATIONS AND NETWORKING
· Strategic planning and design review
· Network security review
· Maintenance contract review
· Problem resolution and support
· Change and performance management
APPLICATION CONTROLS AND TESTING
· Processing controls assessment
· Transaction audit trail review
· Data integrity controls review
· Application related integrity controls review (data element validity, file validity, audit trail, network transmission, concurrent updating, feasibility, quality)
· Continuity of application processing
· Transaction tests (as per worksheets
· Help desk support
· Data back-up review