Knowledge Base

As mentioned throughout this chapter, the specifics of entity-level controls will vary from company to company. However, the best general sources of information on IT-specific entity-level controls can be found on the Information Systems Audit and Control Association (ISACA) website (, where details on the control objectives for information and related technology (CoBIT) framework and guidelines for Sarbanes-Oxley IT compliance testing are available. In addition, general guidelines on entity-level controls (not specific to IT) and links to resources related to the popular Committee of Sponsoring Organizations (COSO) model of internal controls can be found on the website for the Institute of Internal Auditors (IIA) at Finally, your external auditors likely will have some published guidelines to share with you on this topic.

IT Auditing. Using Controls to Protect Information Assets
It Auditing: Using Controls to Protect Information Assets [IT AUDITING -OS N/D]
Year: 2004
Pages: 159 © 2008-2017.
If you may any questions please contact us: