Mobile Computing Audit/Assurance Program 

 

Bookstore Purchase the Download:  Member US $25 | Non-Member US $50

  Provide feedback on this document
Knowledge Center  Visit the Audit Tools and Techniques Knowledge Center community
Knowledge Center  Visit the Audit Guidelines Knowledge Center community


Objective: The Mobile Computing Audit/Assurance Program helps you assess the effectiveness of the controls around risk associated with mobile computing. Through a mobile computing audit, IT auditors can assess their organizations’ practices around areas such as remote access, data loss and malware. This program is designed to help facilitate the enterprise’s evaluation of their mobile computing programs.

Scope: The Mobile Computing Audit/Assurance Program shares control objectives and controls in areas of mobile computing beginning with governance all the way through incident response. The following examples show how each covered area helps the enterprise evaluate its mobile computing programs:

  • Governance: Ensuring policies and practices exist that address scope, responsibilities and procedures around protection of data accessed by, transmitted by and stored on mobile devices.
  • Remote access: Ensuring remote access practices ensure that all users are uniquely identified when accessing company resources.
  • Data loss: Ensuring security measures are adequate to address risk associated with removable media. This includes disclosure, copying or modification of enterprise data and misalignment of position responsibilities and sensitive information.
  • Malware: Ensuring protections are in place to prevent operational disruptions from malware introduced into the enterprise through mobile computing.
  • Incident Response: Ensuring incident response protocols exist for mobile device users from detection and reporting through recovery.

You can customize this document for your unique assurance process environment. Use it as a review tool or starting point to modify for your purposes, rather than as a checklist or questionnaire. Keep in mind that to use this document for maximum effectiveness, you should hold the Certified Information Systems Auditor (CISA) designation or have the necessary subject matter expertise to conduct your assurance process while under the supervision of a professional who holds the CISA designation.