
Volume 2, 2017

This Week's Online-Exclusive Feature

Importance of Recertification Completeness in the Control Environment
26 April 2017
Kathleen Martin, CISA, CRISC

Owners of critical business data need to ensure that all application and database user entitlements and privileges are recertified on a periodic basis to make sure that only authorized individuals have access to the enterprise’s data. This article assumes the enterprise has a periodic recertification process in place for its applications and databases. It also emphasizes the need for each enterprise to have a completeness check to validate this key control. Depending on the impacted applications, a gap in this control may have a negative impact on an enterprise’s US Sarbanes-Oxley Act 2002 (SOX) compliance audit or Statement on Standards for Attestation Engagements (SSAE) 16 audit.




Podcast
ISACA Journal Volume 1 Podcast

The Automation Conundrum

This Week's Featured Blog

Agile Audit Practice
10 April 2017
Spiros Alexiou, Ph.D., CISAP

Auditors are expected to complete audits on material issues within shorter and shorter time periods. Such audits and their completion depend on the availability of key personnel, who are also increasingly pressed for time as they are involved in day-to-day operations and other, often mission-critical, projects. Yet audit methodology, which involves a rigid separation between audit phases, such as planning, fieldwork and reporting, has failed to keep up with these changing requirements. As a result, the inability to schedule timely meetings with key personnel creates bottlenecks, and this causes delays in moving to the next phase, typically because a very small part of the previous phase is incomplete.




What's New for Nonmembers

IS Audit Basics Articles

Risk-based Audit Planning for Beginners

The Auditors, IS/IT Policies and Compliance

Preparing for Auditing New Risk, Part 2

Preparing for Auditing New Risk, Part 1

The Soft Skills Challenge, Part 6

The Soft Skills Challenge, Part 5


Full Journal Issues

Volume 2, 2016 Project Management: Methodologies and Associated Risk

Volume 1, 2016 Transforming the Auditor

Volume 6, 2015 The Internet of Things

Volume 5, 2015 Cybersecurity

Volume 4, 2015 Regulations & Compliance

Volume 3, 2015 Governance and Management of Enterprise IT (GEIT)