
IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.
SharePoint is a group of Microsoft architectures with a common purpose: to provide sharing and retention of data in various forms. The audit of SharePoint differs from a routine audit of an application or a technology. The technology is an important component; however, the content and any workflow processes must be the primary focus. The decentralised nature of some SharePoint implementations requires a focus on the governance, policies and monitoring/oversight functions associated with its implementation.
SharePoint 2010 is a complex group of architectures requiring technical expertise and understanding, as well as the ability to evaluate the content vulnerabilities. The audit and assurance professional should have the requisite knowledge of SharePoint architecture, risk and controls and is cautioned not to attempt to conduct an audit/assurance review of SharePoint 2010 utilizing this program as a checklist.
It is the responsibility of the auditor to determine the objectives and scope of the audit, after considering the content or processes managed by the SharePoint environment and the associated risk.