The following 198 items are listed by Content Data.
Audit Programs
Firewall Audit Work Program
This tool contains four sample work programs that provide general steps organizations can use for conducting a firewall ...
Subscriber Content
Articles
Executive Outlook on Cities and Strategy, 2030
The perspective of global business leaders on cities is extremely positive: 64% of respondents to the Executive Outlook ...
Subscriber Content
Methodologies & Models
IT Support Service Desk Capability Maturity Model (CMM)
This capability maturity model can be used to measure the maturity of an organization’s IT support service desk manageme...
Subscriber Content
Methodologies & Models
IT Program Portfolio Management Capability Maturity Model (CMM)
This capability maturity model can be used to measure the maturity of an organization’s IT portfolio management process ...
Subscriber Content
Policies & Procedures
Record Retention Policy
This tool contains five sample policies that establish standards and procedures for the retention of electronic and pape...
Subscriber Content
Policies & Procedures
Information Technology (IT) Security Policy
This document contains three sample policies that establish guidelines an organization should follow to ensure that its ...
Subscriber Content
Methodologies & Models
IT Management Capability Maturity Model (CMM)
This capability maturity model can be used to measure the maturity of an organization’s IT management process and to ass...
Subscriber Content
Policies & Procedures
Technology Acquisition Policy
Organizations can use this policy to establish guidelines and set forth the appropriate accounting policies related to t...
Subscriber Content
Audit Programs
Network Device Configuration Management Audit Work Program
This work program template highlights general steps an organization should follow with respect to effective network devi...
Subscriber Content
Articles
Skyscrapers Circa 2030: What's Their Place in the Future City?
Here, we discuss the future of cities in 2030 and explore how skyscrapers are an important part of the conversation.
Subscriber Content
Articles
Sustainability and the City: Reinventing the Future With High-Tech and Low-Tech Solutions
The COVID-19 pandemic provides an opportunity to reinvent cities as we know them through both high-tech and low-tech ini...
Subscriber Content
Policies & Procedures
Firewall Administration Policy
This tool contains two policies that establish procedures and requirements to ensure the appropriate protection and cont...
Subscriber Content
Audit Programs
Enterprise Risk Planning (ERP) Integration Architecture Audit Work Program
This work program template provides steps organizations can take to perform an enterprise risk planning (ERP) integratio...
Subscriber Content
Audit Programs
Network Monitoring and Issue Management Audit Work Program
This work program sample provides best-practice general steps and control procedures for a network monitoring and issue ...
Subscriber Content
Articles
Flying Taxis and Digital Twin Cities
Petra Hurtado, research director at American Planning Association (APA), sat down with Protiviti to discuss where she se...
Subscriber Content
Policies & Procedures
IT Contingency Planning Policy
The purpose of this policy is to ensure that information system resources and business processes are protected against s...
Subscriber Content
Policies & Procedures
Virus Protection Policy
This tool contains four sample policies that define best-practice guidelines and procedures for protecting company compu...
Subscriber Content
Risk & Control Matrices - RCMs
Manage Data Center Operations: Metadata Management RCM
This document outlines risks and controls common to metadata management in a risk control matrix (RCM) format.
Subscriber Content
Policies & Procedures
IT Equipment and Information Control Policy
This policy sample establishes guidelines and procedures common to effective company equipment and system information pr...
Subscriber Content
Risk & Control Matrices - RCMs
Manage Data Center Operations: Reference and Master Data Management RCM
This document outlines risks and controls common to reference and master data management in a risk control matrix (RCM) ...
Subscriber Content
Benchmarking Tools
Transaction Authority Risk Key Performance Indicators (KPIs)
This tool contains performance measures and questions an organization can use to enforce and ensure the validity of tran...
Subscriber Content
Audit Programs
Enterprise Resource Planning (ERP) Post-Implementation Review Audit Work Program
This audit program sample provides best-practice general steps for an enterprise resource planning post-implementation r...
Subscriber Content
Risk & Control Matrices - RCMs
Manage Data Center Operations: Data Warehouse and Business Intelligence Management RCM
This document outlines risks and controls common to data warehouse and business intelligence management in a risk contro...
Subscriber Content
Audit Programs
Network Infrastructure Audit Work Program
This document contains three sample work programs that can be used by organizations for conducting an IT network infrast...
Subscriber Content
Audit Programs
Data Conversion Audit Work Program
This tool contains two sample audit programs that provide steps organizations can take to perform a data conversion audi...
Subscriber Content
Benchmarking Tools
IT Change Management Leading Practices
This tool features leading practices that can be used to evaluate and improve an organization’s IT infrastructure.
Subscriber Content
Risk & Control Matrices - RCMs
Manage Security and Privacy: Manage Security Configurations RCM
This document outlines risks and controls common to managing security configurations during the security and privacy man...
Subscriber Content
Policies & Procedures
Information Security Management System Policy
This policy establishes the scope of a company's information security management system and characterizes the interfaces...
Subscriber Content
Benchmarking Tools
Enterprise Security Key Performance Indicators (KPIs)
The purpose of this tool is to encourage dialog and help an organization assess the state of its network security. Areas...
Subscriber Content
Audit Programs
Application Audit Work Program
This tool includes three audit program samples that can be used by organizations to evaluate and improve business unit a...
Subscriber Content
Regulatory Updates
Leveling the Playing Field for Third-Party Risk Management Requirements
In this Flash Report, we summarize the opportunities and key takeaways around third-party risk management lifecycle cons...
Subscriber Content
Checklists & Questionnaires
Preliminary Controls Self-Assessment Questionnaire
This document includes eleven sample questionnaires that internal audit can use to evaluate management's view of the org...
Subscriber Content
Audit Programs
System Pre-Implementation Audit Work Program
This tool contains three sample work programs that highlight general steps organizations should follow when executing a ...
Subscriber Content
Charters
Project Management Charter Template
This sample document provides guidelines for creating an organization's project management charter.
Subscriber Content
Charters
Business Continuity Program Charter
This sample establishes guidelines for developing a business continuity program charter.
Subscriber Content
Job Descriptions
Director of IT Job Description
This job description sample outlines the responsibilities, key selection criteria and general information for the role o...
Subscriber Content
Articles
2021 Offers U.S. Oil and Gas Firms Challenges Laced With Opportunities
Based on the state of the industry at the start of 2021, Protiviti Managing Director Tyler Chase outlines challenges — a...
Subscriber Content
Benchmarking Tools
Data Integrity Risk Key Performance Indicators (KPIs)
This tool contains key performance indicators and questions an organization can use to manage its data integrity process...
Subscriber Content
Benchmarking Tools
System Design Risk Key Performance Indicators (KPIs)
This tool includes key performance indicators and questions an organization should use to evaluate and manage its system...
Subscriber Content
Memos
IT Network Security Scope Memo
The purpose of this memo is to document the assumptions and decision criteria used in scoping the documentation efforts ...
Subscriber Content
Articles
Architecting Your Cloud Infrastructure for Failure (and Resilience)
This article notes five keys to architecting for failure that firms should consider to meet the evolving threat and regu...
Subscriber Content
Benchmarking Tools
IT Performance Risk Key Performance Indicators (KPIs)
This tool outlines leading practices and questions for organizations to consider when evaluating IT performance.
Subscriber Content
Articles
Tech Can Help Oil and Gas Firms Survive Market Turmoil
Protiviti’s Tyler Chase and Justin Turner explain how technology benefits the energy industry and suggest key actions or...
Subscriber Content
Policies & Procedures
Connection to Untrusted Network Standard Policy
This sample policy documents security requirements surrounding network access between a company’s computer network and u...
Subscriber Content
Policies & Procedures
Data Access and User Authentication Policy
The purpose of this access management policy is to ensure that access to all company systems and applications is properl...
Subscriber Content
Policies & Procedures
Technology Purchasing Policy
This sample policy establishes standards and procedures organizations should follow when handling technology-related pur...
Subscriber Content
Policies & Procedures
System Software Development Policy
This template can be used to record a company’s system software development policy and requirements and the responsibili...
Subscriber Content
Policies & Procedures
Printer Policy
This sample printer policy can be used by organizations to facilitate the appropriate and responsible business use of th...
Subscriber Content
Guides
Business Continuity Planning Guide
This tool features two sample guides that can be used for implementing and maintaining an organization’s business contin...
Subscriber Content
Guides
Business Intelligence Overview and Guide
This document includes two sample guides that discuss the meaning, importance and drivers of business intelligence (BI).
Subscriber Content
Audit Reports
Internal Audit Risk Assessment Audit Committee Report
This tool contains two sample audit reports that can be used by auditors to summarize the results of an internal audit r...
Subscriber Content
Articles
Rise of the SPACs: Understanding the Risks and Rewards in This Vogue IPO Vehicle
This article explores the rising popularity of special purpose acquisition companies (SPACs) and shares how they can hel...
Subscriber Content
Checklists & Questionnaires
Vendor Assessment Questionnaire
This tool offers vendor assessment report questions to consider for enhancing outsourced operations common to Sarbanes-O...
Subscriber Content
Articles
A Different Front in the COVID-19 Outbreak: Information Security
This article explores some of the IT factors that administrative and IT health care workers must stay focused on through...
Subscriber Content
Audit Programs
Active Directory Audit Work Program
This tool contains eight sample audit programs that provide general steps to use during an organization’s active directo...
Subscriber Content
Guides
IT and Business Risk Alignment Guide
This tool can be used as a guide for understanding and assessing an organization’s IT and business risk alignment proces...
Subscriber Content
Audit Reports
Telephony Infrastructure VoIP Audit Report
This sample report can be used by auditors for measuring and enhancing an organization's Voice over Internet Protocol (V...
Subscriber Content
Audit Programs
IT Continuity Review Audit Work Program
This sample audit program includes steps that can be used to audit an organization’s IT continuity process.
Subscriber Content
Checklists & Questionnaires
System Development Life Cycle Questionnaire
This tool contains two sample documents that highlight questions to consider when creating and measuring an organization...
Subscriber Content
Audit Programs
IT Asset Management Audit Work Program
This tool contains three sample work programs that outline general steps organizations can use for managing and reviewin...
Subscriber Content
Audit Programs
VoIP Audit Work Program
This sample audit program provides general steps organizations can use to perform an audit of an organization's voice ov...
Subscriber Content
Audit Programs
Data Center Review Audit Work Program
This sample document contains two work programs that outline general steps organizations should take during a data cente...
Subscriber Content
Articles
Getting Ready for the Threat of Cyber Warfare
This article explains the recent rise in malicious cyber activity directed at U.S. industries and government agencies an...
Subscriber Content
Guides
Social Media Risks Guide
This document can be used as a guide for identifying and mitigating social media risks within an organization.
Subscriber Content
Policies & Procedures
IT Data Management Policy
This tool contains two sample policies that outline guidelines and procedures common to an organization's IT data manage...
Subscriber Content
Policies & Procedures
Intranet and Internet Security Policy
This policy establishes guidelines and procedures that must be followed with respect to an organization’s internet and i...
Subscriber Content
Articles
Internal Auditing Around the World, Volume 15: Dawn of the Audit Bots
This article examines some of the key characteristics of next-gen internal audit, drawing directly from the experiences ...
Subscriber Content
Checklists & Questionnaires
Data Center General Controls Questionnaire
This sample questionnaire can be used to measure the processes associated with an organization’s mainframe data center g...
Subscriber Content
Articles
RPA or AI? To Achieve Most Automation Goals, You Need Both
This article explains why an organization’s transformation goals need to leverage both RPA and AI to achieve any signifi...
Subscriber Content
Articles
Accelerating RPA Maturity: Three Ways Consumer Products and Retail Companies Can Step Up Their Game
This article explains some of the reasons consumer products and retail companies struggle to move beyond the planning an...
Subscriber Content
Articles
Energy and Utilities Companies Can Build an On-Ramp to the AI Fast Lane With Intelligent Automation
This article provides tips to help an organization create a road map that will lead them toward sustained innovation exc...
Subscriber Content
Articles
Paving the Way for Sustainable RPA
This article explains how an organization can effectively manage the transition to sustainable long-term RPA solutions a...
Subscriber Content
Checklists & Questionnaires
Data Conversion Compliance Questionnaire
This questionnaire provides an outline for reviewing documentation associated with a data conversion. Sections of the qu...
Subscriber Content
Checklists & Questionnaires
IT Application Security Questionnaire
This sample questionnaire is designed to monitor and enhance an organization's IT application security process.
Subscriber Content
Checklists & Questionnaires
IT Risks and Controls SOX Compliance Questionnaire
This sample questionnaire can be used by management and board members to help determine where controls over information ...
Subscriber Content
Articles
Companies Could Use More CFO Insight, and CFOs Could Use More AI
This article explores the benefits an organization can gain by using AI and machine learning (ML), as outlined in the re...
Subscriber Content
Checklists & Questionnaires
IT Planning Questionnaire
This sample questionnaire can be used to help organizations brainstorm how they can develop a deeper knowledge of the IT...
Subscriber Content
Articles
Leadership Succession Continues to Challenge Consumer Products and Services Companies
In this article, Protiviti Managing Director Rick Childs takes a look at the risk issues affecting the consumer products...
Subscriber Content
Articles
Making RPA Sustainable
Adhering to the three basic principles described in this article will help enterprises ensure that they can achieve and ...
Subscriber Content
Checklists & Questionnaires
IT Capacity and Scalability Risk Questionnaire
This questionnaire outlines business risks and leading practices for both capacity and scalability in the IT business en...
Subscriber Content
Articles
Despite Slow Adoption, Companies Are Putting Artificial Intelligence on Fast Track, Protiviti Survey Finds
This article takes a closer look at the results of the 2018 Global AI and ML Survey, including which global segments are...
Subscriber Content
Checklists & Questionnaires
IT Selection and Integration Risk Questionnaire
IT integration is a process in which separately produced components or subsystems are combined and problems in their int...
Subscriber Content
Checklists & Questionnaires
Data Governance Questionnaire
This sample questionnaire can be used by a company to gain understanding of the business definition of specific data ele...
Subscriber Content
Checklists & Questionnaires
Entity-Level Controls Information and Communication Questionnaire
This questionnaire template provides a number of COSO elements and their related control objectives for entity-level con...
Subscriber Content
Memos
IT Change Management Review Memo
This sample memo summarizes the findings of an internal audit review of an organization’s IT change management process.
Subscriber Content
Requests for Proposals - RFPs
Request for Qualifications: IT Professional Services Qualified Vendor List
This is a sample request for qualified IT services to help create an IT vendor list for multiple-year projects. The info...
Subscriber Content
Articles
Legacy Core Systems Outlook: Advancing Technologies Are Hastening the Necessity to Modernize
This article summarizes key points from Protiviti’s recent white paper on the disruptive influence that the cloud and AP...
Subscriber Content
Benchmarking Reports
2019 Global RPA Survey
To help executives make the most of robotic process automation (RPA), Protiviti partnered with ESI ThoughtLab to survey ...
Subscriber Content
Articles
Enhancing Security Strategy for Cloud-Based Technology
This article includes strategies for addressing cloud risk; the importance of architectural decisions; next steps organi...
Subscriber Content
Checklists & Questionnaires
IT Employee Termination Checklist
This checklist outlines steps to follow when an IT employee stops working for a company.
Subscriber Content
Articles
Hamstrung by Technology: What Organizations Can Do Now to Address Technical Debt
Ed Page, a managing director with Protiviti’s Technology Strategy practice, provides his insights on the growing risk of...
Subscriber Content
Articles
Why Organizations Should Consider a Cybersecurity Program Office
In this article, Protiviti Managing Directors Cal Slemp and Andrew Retrum explain how establishing a cybersecurity progr...
Subscriber Content
Articles
Could Your RPA Implementation Team Be on Board Already?
This article summarizes leaders in finance organizations’ current RPA efforts and suggests how to deliver an RPA impleme...
Subscriber Content
Articles
Ready for RPA? Five Implementation Risks to Keep in Mind
In this article, Protiviti’s Andrew Struthers-Kennedy and Angelo Poulikakos describe five of the most common RPA impleme...
Subscriber Content
Articles
Finance Trends: RPA Paves the Way for Process Improvement
This article explores the broader benefits, challenges and opportunities of robotic process automation (RPA), focusing s...
Subscriber Content
Articles
Transforming AML Compliance With Technology
In this article, Protiviti Managing Directors Shaun Creegan and Vishal Ranjane outline the critical steps to take toward...
Subscriber Content
Articles
Deploying Robots Upstream: How to Evaluate the Opportunities and Make the Business Case
This article explores how exploration and production companies within the oil and gas industry can use RPA by demonstrat...
Subscriber Content
Benchmarking Reports
2018 Global AI and ML Survey
This report paints a picture of how artificial intelligence and machine learning will dramatically change the face of bu...
Subscriber Content
Risk & Control Matrices - RCMs
Manage Service Contracts: Entering Contracts into the System RCM
This document outlines risks and controls common to the ‘‘support end users” process in a risk control matrix (RCM) form...
Subscriber Content
Articles
Is Your Company Approaching Digital Transformation in the Right Way?
Protiviti Digital Leader Jonathan Wyatt explains the difference between a true transformation and what he calls a ‘‘digi...
Subscriber Content
Articles
Robotic Process Automation in Oil and Gas: An Overlooked Opportunity That Can Boost Profits Today
Oil and gas companies have fallen behind other industries in the adoption of robotic process automation, or RPA. Before ...
Subscriber Content
Articles
Modernizing Legacy Systems at Financial Institutions
This paper serves as a good case study for how financial institutions can modernize the legacy systems at the core of th...
Subscriber Content
Checklists & Questionnaires
Information Technology (IT) General Controls Questionnaire
This tool provides questions to consider when assessing a company’s information technology (IT) controls.
Subscriber Content
Newsletters
Is Technical Debt Limiting Your Company’s Competitiveness?
This article presents options to address technical debt and create an organization’s overall road map that is tailored t...
Subscriber Content
Checklists & Questionnaires
IT Operations Management Self-Assessment Questionnaire
This tool is a high-level self-assessment questionnaire for use by an auditee prior to reviewing an organization’s infor...
Subscriber Content
Checklists & Questionnaires
IT Application Management Self-Assessment Questionnaire
This high-level self assessment questionnaire can be used by an auditee prior to a review of IT application management.
Subscriber Content
Performer Profiles
Parkview Health System: Mining Integrated Data for Insights
Innovators look for opportunity in adversity. Parkview Health System found its opportunity in the electronic health reco...
Subscriber Content
Checklists & Questionnaires
IT Asset Management Self-Assessment Questionnaire
This tool includes questions to consider when reviewing an organization’s IT management process.
Subscriber Content
Articles
Regulation at the Speed of Innovation: Developing an Adaptive Risk Strategy for Agile and DevOps Environments
DevOps—a concatenation of development and operations—is a fast and flexible approach to developing and delivering softwa...
Subscriber Content
Articles
AI and the Digital Future of the Insurance Industry
In this article, Protiviti’s Tyrone Canaday takes a dive into three areas that are undergoing the greatest change as a r...
Subscriber Content
Checklists & Questionnaires
IT Infrastructure Control Deficiency Decision Questionnaire
This sample questionnaire helps to determine the severity of any deficiencies cited during the control testing process.
Subscriber Content
Audit Reports
IT General Controls Assessment Report
This sample report provides findings from a current IT general control framework review at a company.
Subscriber Content
Articles
Five Ways Technology, Media and Communications Companies Are Using RPA and AI to Save Money and Improve the Customer Experience
This article explores five emerging AI and RPA applications Protiviti is watching within the technology, media and commu...
Subscriber Content
Checklists & Questionnaires
Information Technology (IT) Infrastructure Questionnaire
This tool helps auditors gather information related to information technology infrastructure, which helps with understan...
Subscriber Content
Audit Reports
Security Assessment Audit Report
This sample report presents the results of an organization's information security audit.
Subscriber Content
Protiviti Booklets
Internal Auditing Around the World: Volume 14
In Volume XIV of Protiviti’s Internal Auditing Around the World, we take a closer look at internal auditors’ challenges ...
Subscriber Content
Articles
Internal Audit’s Role Will Be Key in the GDPR Journey
This article focuses on GDPR’s implication for internal audit specifically. The internal audit function, by virtue of it...
Subscriber Content
Checklists & Questionnaires
General IT Controls Review: Passwords Questionnaire
This tool provides questions to consider while reviewing general IT controls password standards.
Subscriber Content
Articles
Multidisciplinary GRC Requires a Balanced Approach to a Common Language, Scope Management and Program Management
GRC leaders who want to make real, practical strides toward a multidisciplinary GRC environment need to take a well-thou...
Subscriber Content
Benchmarking Reports
2018 IT Audit Benchmarking Survey
The results of the latest global IT Audit Benchmarking Study from ISACA and Protiviti paint a vivid picture of the ways ...
Subscriber Content
Policies & Procedures
Workstation Use Policy
This sample policy outlines the measures and actions an organization uses to safeguard equipment and information on comp...
Subscriber Content
Checklists & Questionnaires
Information Security Risk Assessment Questionnaire
This IT risk assessment questionnaire is designed to assist with reviewing and documenting the risk profile of your orga...
Subscriber Content
Audit Reports
Application Access Audit Report
This sample audit report presents the results of an application access audit performed within a company’s IT environment...
Subscriber Content
Policies & Procedures
Corporate Website Policy
This sample policy helps to ensure that the company website reflects a consistent corporate image that preserves and bui...
Subscriber Content
Audit Reports
IT System Pre-Implementation Review Audit Report
This audit report shares findings from a review of the selected processes that support the IQ4 Epic implementation proje...
Subscriber Content
Checklists & Questionnaires
IT General Controls Survey Questionnaire
This sample tool helps to map IT responses to various questions related to different IT general controls and related pro...
Subscriber Content
Guides
Service-Level Agreement Guide
This sample document can be used by organizations as a guide to developing and understanding service-level agreements (S...
Subscriber Content
Policies & Procedures
Software Acquisition, Implementation and Maintenance: Application Development and Implementation Policy
The purpose of this sample policy is to control application development and to ensure that application development is ef...
Subscriber Content
Policies & Procedures
Sustainability Policy
This sample policy helps to ensure that principles of sustainability are incorporated into actions carried out by the co...
Subscriber Content
Policies & Procedures
Oracle eBusiness Suite Policy
This sample policy outlines procedures for controlling access to and use of the Oracle eBusiness suite and database.
Subscriber Content
Checklists & Questionnaires
IT Due Diligence Questionnaire
This sample questionnaire evaluates IT management, personnel, contractors, networks, operating systems, applications, ch...
Subscriber Content
Guides
Internal Audit’s Role in Cybersecurity Guide
This guide covers the definition of cybersecurity, types of threats and security methods, and internal audit’s role.
Subscriber Content
Benchmarking Tools
External Access Risk Key Performance Indicators (KPIs)
This tool outlines the business risks associated with inappropriate access to systems, data or information and suggests ...
Subscriber Content
Checklists & Questionnaires
IT Process Questionnaire: Computer Operations Management
This sample questionnaire evaluates the effectiveness of computer operations management in an organization. Computer ope...
Subscriber Content
Policies & Procedures
Business Continuity Plan Exercise and Testing Policy
This policy outlines business continuity plan testing guidelines.
Subscriber Content
Policies & Procedures
Infrastructure Policy: Incident Response
This policy establishes the guidelines for preventing, detecting and responding to intrusions and unauthorized access to...
Subscriber Content
Policies & Procedures
Help Desk Infrastructure Policy
This policy establishes guidelines to help assign priority levels to problems reported by end users to a company's IT de...
Subscriber Content
Risk & Control Matrices - RCMs
Manage Systems Development Lifecycle (SDLC) RCM
This document outlines risks and controls common to the “manage systems development lifecycle (SDLC)” process in a risk ...
Subscriber Content
Audit Programs
Virtual Private Network (VPN) Administration Audit Work Program
This audit work program includes test steps in the areas of documentation, logging, monitoring and user pool for VPN adm...
Subscriber Content
Policies & Procedures
Server Configuration Policy
This policy defines the standard security settings utilized on a company's servers.
Subscriber Content
Memos
Delegated Entity Review Memo
This memo focuses on IT SOX readiness procedures for an application, testing change management, computer operations and ...
Subscriber Content
Policies & Procedures
IT Support Policy
This policy outlines procedures for providing company IT support to employees.
Subscriber Content
Risk & Control Matrices - RCMs
Manage IT Assets RCM
This document outlines risks and controls common to the "manage IT assets" process in an RCM format.
Subscriber Content
Risk & Control Matrices - RCMs
Manage Service RCM
This document outlines risks and controls common to the "manage service" process in a risk and control matrix (RCM) form...
Subscriber Content
Protiviti Booklets
Internal Auditing Around the World: Volume 12
In our latest edition of Internal Auditing Around the World, we interviewed 22 inspiring female internal audit leaders w...
Subscriber Content
Audit Programs
AS400 Review Audit Work Program
This work program outlines steps for an AS400 review audit. It identifies major areas to investigate during a general or...
Subscriber Content
Audit Programs
Computer Operations/Job Scheduling Audit Work Program
This audit work program focuses on computer operations and IT job scheduling. Audit objectives and test steps help deter...
Subscriber Content
Audit Programs
UNIX Security Audit Work Program
This audit program outlines steps for reviewing the security of systems running the UNIX operating system.
Subscriber Content
Audit Programs
RACF Mainframe Controls Review Audit Work Program
This audit work program outlines detailed steps to review the controls for an RACF mainframe.
Subscriber Content
Audit Programs
Database Administration Audit Work Program
This audit work program provides steps for a database administration review.
Subscriber Content
Memos
Mobile Device Procurement Memo
This memo outlines an internal audit review of an organization's mobile device procurement process.
Subscriber Content
Audit Programs
IT Project Governance Audit Work Program
This audit work program outlines steps for executing an IT project governance audit.
Subscriber Content
Risk & Control Matrices - RCMs
Define IT Strategy and Organization RCM
This document outlines risks and controls common to the “define IT strategy and organization” process in a risk control ...
Subscriber Content
Audit Programs
HR System Pre-Implementation Audit Work Program
This audit program focuses on testing human resources system controls during the pre-implementation phase.
Subscriber Content
Audit Programs
Electronic Signature (E-Sign) Audit Work Program
The objective of this work program is to assess documented policies and procedures, including business requirements docu...
Subscriber Content
Audit Programs
System Backup Review Audit Work Program
The purpose of this audit program is to review an organization’s system backup procedures.
Subscriber Content
Audit Programs
Commercial Property Lease Application Audit Work Program
This audit program reviews an application that handles transactions related to leasing and renting commercial property.
Subscriber Content
Audit Programs
Software Licensure Compliance Audit Work Program
This sample compliance work program can be modified for scope considerations that will depend on the extent of the softw...
Subscriber Content
Risk & Control Matrices - RCMs
Deploy and Maintain Solutions RCM
This document outlines risks and controls common to the "deploy and maintain solutions" process in a risk control matrix...
Subscriber Content
Audit Programs
Physical Security Audit Work Program
This 45-page work program outlines physical security best practices for data centers and information processing/storage ...
Subscriber Content
Audit Programs
IT Data Management Audit Work Program
This document outlines steps to audit an organization’s data management process and includes a self-assessment questionn...
Subscriber Content
Audit Programs
IT Help Desk Audit Work Program
This document outlines steps to audit an organization’s IT help desk process.
Subscriber Content
Audit Programs
IT Strategy Management Audit Work Program
This document outlines steps to audit an organization’s IT infrastructure management strategy process.
Subscriber Content
Risk & Control Matrices - RCMs
Manage Security and Privacy RCM
This document outlines risks and controls common to the "manage security and privacy" process in a risk control matrix (...
Subscriber Content
Audit Programs
IT Platform Management Audit Work Program
This document outlines steps to audit an organization’s IT platform management process.
Subscriber Content
Audit Programs
IT Operations Management Audit Work Program
This document outlines steps to audit an organization’s IT operations management process.
Subscriber Content
Audit Programs
Desktop Management Audit Work Program
This document outlines steps to audit the process used to deploy software to desktop computers.
Subscriber Content
Audit Programs
IT Application Management Audit Work Program
This sample IT application management audit work program is designed around key risk indicators of potential problems.
Subscriber Content
Audit Programs
End-User Computing Audit Work Program
This work program focuses on auditing end-user computing, specifically concentrating on identifying the IT controls to b...
Subscriber Content
Audit Programs
System Implementation Audit Work Program
The purpose of this work program is to provide the general steps used to review the system implementation process.
Subscriber Content
Process Flows
IT Change Management Process Flow
To regulate information technology (IT) changes from beginning to end, it’s important to have an IT change management pr...
Subscriber Content
Audit Programs
Systems and Application Audit Work Program
The purpose of this work program is to provide the general steps used to perform a systems and application audit.
Subscriber Content
Audit Programs
Information and Communication Audit Work Program
The purpose of this audit work program is to assess, at a high level, and validate key controls in place for the informa...
Subscriber Content
Guides
IT Asset Management Guide
This guide focuses on improvements organizations can make to effectively perform their IT asset management process.
Subscriber Content
Checklists & Questionnaires
Business Continuity Management Self-Assessment Questionnaire
This a self-assessment tool to use prior to a review of the business continuity management process. It gives the auditee...
Subscriber Content
Policies & Procedures
Exceptions and Non-Conformance Policy
This sample outlines a set of policies and procedures governing action to be taken when special circumstances prevent co...
Subscriber Content
Policies & Procedures
Network Security Policy
The purpose of this security policy is to protect user accounts, corporate data, and intellectual property owned by an o...
Subscriber Content
Policies & Procedures
Production System Access Policy
This sample outlines a set of policies and procedures governing access to production systems and applications, and the d...
Subscriber Content
Policies & Procedures
System, Database and Application Administrator Policy
The purpose of this policy is to define the roles, activities, and responsibilities of administrators with regard to acc...
Subscriber Content
Policies & Procedures
Building and Data Center Physical Security Policy
This sample outlines a set of policies and procedures for governing access to company buildings and data centers, to ens...
Subscriber Content
Policies & Procedures
Data Management Policy
This sample outlines a set of policies and procedures to assist an Information Technology Group in backing up server-bas...
Subscriber Content
Policies & Procedures
Data Center Operations & Problem Management Policy
The objective of this document is to provide policy and procedure guidance for conducting major activities in a company'...
Subscriber Content
Policies & Procedures
Production Equipment Security Policy
This sample outlines a set of policies and procedures governing the security of production equipment used in an Internet...
Subscriber Content
Policies & Procedures
IT System Development Life Cycle (SDLC) Methodology Policy
The system development life cycle (SDLC) methodology promotes a controlled business environment where an orderly process...
Subscriber Content
Policies & Procedures
Third-Party Access Policy
The purpose of this policy is to define security policies that apply to temporaries, contractors, consultants, and third...
Subscriber Content
Policies & Procedures
Instant Messaging Policy
This policy outlines a set of procedures for the proper use of instant messaging by company employees.
Subscriber Content
Policies & Procedures
Website Privacy Policy
This sample can be used to create an information privacy policy for a company website.
Subscriber Content
Policies & Procedures
Software Upgrade Policy
The following sample outlines a set of policies and procedures for software upgrades
Subscriber Content
Newsletters
Public Company Readiness: Getting Ready for Prime Time Before the Market Does
In this issue of The Bulletin, we focus on certain aspects of the IPO preparation process, including the need for a rea...
Subscriber Content
Protiviti Booklets
Spreadsheet Risk Management: Frequently Asked Questions
This booklet represents a pragmatic response to spreadsheet risk based on real business needs.
Subscriber Content
Blog
External Access Risk: Key Factors You Need to Know
Many businesses today exchange goods, services, information and knowledge using network-enabled technologi...
Blog
How to Conduct an Up-to-Date Information Security Audit
The point of the article, of course, was that people must focus their attention in the correct places when...
Blog
How to Remarkably Audit Your IT Initiatives
Changes to a company’s information technology (IT) environment, both information systems and the underlying...
Blog
The Three Components of a Successful Systems Design
What is design risk? To “design” is to create, fashion, execute or construct according to plan. The term de...
Blog
What Are the Benefits and Risks Associated With Data Integrity?
Data integrity is the assurance that information can only be accessed or modified by those authorized to a...
Blog
What is Transaction Authenticity?
What Is Transaction Authenticity?
"Transaction authenticity" can be defined as the authentication of a par...
Blog
What You Need to Align IT Management With Business Priorities
The "Holy Grail" for IT has always been to be closely aligned with business efforts. For years, business ha...
Blog
What You Need to Know About Robotic Process Automation
Are You Familiar With Robotic Process Automation?
Robotic process automation (RPA) has been gaining tracti...