Pau Lo

asked on

application management

Hey,

what kind of things are included in an application management audit?

We have an app security and management audit of our payroll app coming up; on the security side of things I can make an educated guess at what will be involved. On the management side, would it be things like change control, i.e. this is a fat client app, so roll-out of new software based on new versions goes through CC?

Any other issues?
ASKER CERTIFIED SOLUTION
slemmesmi

Pau Lo

ASKER

Security I am pretty ok with.

But can you give perhaps 3 examples of controls for:

b. Quality (effectiveness and efficiency)
c. Fiduciary (compliance and reliability)
d. Service
e. Capacity
SOLUTION
btan

Pau Lo

ASKER

Are you an IT auditor breadtan/slemmesmi? Or IT security professional?
Dear pma111,

Neither; I am a senior system engineer with strong IT Governance awareness and the CISA exam passed.

Examples of controls (COBIT-based, and I am sure you can map those to ITIL):

b. Quality (effectiveness and efficiency)
Create and maintain corporate/enterprise information model.
Create and maintain corporate data dictionary(ies).
Establish and maintain a data classification scheme.
Provide data owners with procedures and tools for classifying information systems.
Utilise the information model, data dictionary and classification scheme to plan optimised business systems.
Establish IT organisational structure, including committees and linkages to the stakeholders and vendors.
Design an IT process framework.
Identify system owners.
Identify data owners.
Establish and implement IT roles and responsibilities, including supervision and segregation of duties.

c. Fiduciary (compliance and reliability)
See 'b' above, plus:
Identify fiduciary requirements.
Identify legal requirements, ownership and reporting.

d. Service
Create a framework for defining IT services.
Build an IT service catalogue.
Define SLAs for critical IT services.
Define OLAs for meeting SLAs.
Monitor and report end-to-end service level performance.
Review SLAs and UCs.
Review and update IT service catalogue.
Create service improvement plan.
BIA!!!!

e. Capacity
Establish a planning process for the review of performance and capacity of IT resources.
Review current IT resources’ performance and capacity.
Conduct IT resources’ performance and capacity forecasting.
Conduct gap analysis to identify IT resources mismatches.
Conduct contingency planning for potential IT resources unavailability (again BIA!!!!!).
Continuously monitor and report the availability, performance and capacity of IT resources.

Kind regards,
Soren
IT Professional, primary focus is cyber security.