Download (231K; Member Only)
Purchase the Book
Provide feedback on this document
Visit the Identity Management Knowledge Center community
Visit the Audit Tools and Techniques Knowledge Center community
The Identity Management audit/assurance review will provide management with an independent assessment relating to the effectiveness of identity management and its policies, procedures and governance activities.
The review will focus on IdM standards, guidelines and procedures as well as on the implementation and governance of these activities. Application-specific user access management—typically the task of the respective application and not that of the IdM system—is outside the scope of this review.
- Policies and processes to control the development, acquisition, and deployment of software across the organization
- The maturity of these controls, i.e., the degree to which they are “baked into” the deployment of across the organization
The IT audit and assurance professional must have an understanding of good-practice information security processes, IdM practices, and user authentication processes and techniques. Professionals who have achieved CISA certification should have these skills. Technical skills necessary to perform some audit steps may require specific understanding of information security, network analysis, operating systems and database tools. However, given the size and operational complexity of typical organizationwide IdM systems, the audit and assurance professional should seek additional training or assistance from competent technical subject matter experts as appropriate.