Download (744K; Member Only)
Purchase the Book
Provide feedback on this document
Visit the Audit Tools and Techniques Knowledge Center community
Visit the SharePoint Knowledge Center community
IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.
SharePoint is a group of Microsoft architectures with a common purpose—to provide sharing and retention of data in various forms. The audit of SharePoint differs from a routine audit of an application or a technology. The technology is an important component; however, the content and any workflow processes must be of primary focus. The decentralised nature of some SharePoint implementations requires a focus on the governance, policies and monitoring/oversight functions associated with its implementation.
SharePoint 2010 is a complex group of architectures requiring technical expertise and understanding, as well as the ability to evaluate the content vulnerabilities. The audit and assurance professional should have the requisite knowledge of SharePoint architecture, risk and controls and is cautioned not to attempt to conduct an audit/assurance review of SharePoint 2010 utilizing this program as a checklist.
It is the responsibility of the auditor to determine the objectives and scope of the audit, after considering the content or processes managed by the SharePoint environment and the associated risk.