31 Review plans for making sure that all affected users are trained on use of the new system, software, or process.

Training is an essential element for preparing end users on the functionality and nuances of what has been developed. If training is not given or is inadequate, the new system, software, or process likely will be misused, used ineffectively, or avoided.


Review the training plans and interview users to develop an opinion on its adequacy. Compare a list of planned training recipients with the population of end users to ensure that there are no significant gaps.

32 Ensure that processes are in place for keeping training materials up-to-date. Evaluate change controls and security over the training materials.

As new employees and new users have a need to use the system, they will want to take advantage of the training materials. If these training materials have become outdated (e.g., owing to system changes), the effectiveness of the training materials will be limited.


Look for evidence that would indicate that training has been updated when the system has changed, and review processes for ensuring ongoing maintenance of the documentation. Ensure that files containing documentation are locked down and can be modified only by appropriate personnel (using techniques described in Chapters 6 and 7). Interview appropriate personnel to understand processes for changing critical documents. Ensure that an approval process is required before changes are made to significant documents and that the approval process cannot be circumvented.

IT Auditing. Using Controls to Protect Information Assets
It Auditing: Using Controls to Protect Information Assets [IT AUDITING -OS N/D]
Year: 2004
Pages: 159 © 2008-2017.
If you may any questions please contact us: