Identity Management Audit/Assurance Program 

 


The audit/assurance programs reflect the IT Assurance Framework (ITAF) sections 3400—IT Management Processes, 3600—IT Audit and Assurance Processes and 3800—IT Audit and Assurance Management and were developed in alignment with the Control Objectives for Information and related Technology (COBIT®)—specifically COBIT 4.1.

Objective—The objective of the audit/assurance is to provide management with an independent assessment relating to the effectiveness of identity management and its policies, procedures, and governance activities.

Scope—The review will focus on the identity management standards, guidelines and procedures as well as on the implementation and governance of these activities. Application-specific user access management—typically the task of the respective application and not that of the identity management system—is outside the scope of this review. (The line of demarcation between the two tends to get blurred in a complex enterprise IT infrastructure environment. It would be prudent to include a disclaimer in the audit report, as appropriate, to indicate that the engagement scope does not include review of user access management of individual applications.)

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional holds the Certified Information Systems Auditor (CISA) designation or has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the CISA designation and necessary subject matter expertise to adequately review the work performed.