Download (304K; Member Only)
  Download—French (886K; Member Only)
Purchase the Book

  Provide feedback on this document
  Visit the Audit Tools and Techniques Knowledge Center community

The primary objectives of the biometric audit/assurance review are to:

• Provide management with an independent assessment of the effectiveness of the architecture and security of the deployed biometric systems and their proper alignment with the enterprise’s IT security policies, information systems architecture, information asset criticality and industry good practices.
• Provide management with an evaluation of the IT function’s preparedness in the event of an intrusion or major failure of one or more biometric systems.
• Identify issues that may impact the security of the enterprise’s physical and logical security stance

The review will focus on the acquisition, architecture, rollout and security of biometric technologies, both the deployed and planned, including, but not restricted to, policies, standards and procedures, as well as resilience to major outages, intrusions or other failures.

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.