Educause Security Discussion mailing list archives

Fw: [SECURITY] IT Internal Audit Framework

From: Carlos Lobato <clobato () NMSU EDU>
Date: Fri, 9 Jan 2015 20:01:49 +0000

I forgot to mention that internal auditors and external auditors will likely use COBIT as their IT auditing framework - 
http://www.isaca.org/cobit/

________________________________
From: Carlos Lobato
Sent: Friday, January 09, 2015 12:51 PM
To: The EDUCAUSE Security Constituent Group Listserv
Subject: Re: [SECURITY] IT Internal Audit Framework

Vito,

The Internal Auditing profession overall is regulated by the International Professional Practices Framework (IPPF) 
promulgated by The Institute of Internal Auditors<http://www.theiia.org/> (IIA).

At a lower specialize IT level, ISACA<http://www.isaca.org/> has some standards that IT auditors must follow when 
conducting IT audits, but they align with the IPPF.

As far as Higher Ed is concern, The Association of College & University Auditors<http://www.acua.org/> (ACUA) develops 
guidance and resources for higher ed auditors, but they all align with the IPPF framework.

All professional Internal Auditors and their respective Departments follow the IPPF because their practices are 
assessed on a regular basis by independent third parties to conformance with this framework and the outcome is reported 
to their Governing Body i.e. Board of Regents, etc.

Carlos,

Carlos S. Lobato, CISA, CIA, CISSP

IT Compliance Officer

New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003

Phone (575) 646-5902

Fax (575) 646-5278

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Vito Rocco 
<vito.rocco () UNLV EDU>
Sent: Friday, January 09, 2015 12:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IT Internal Audit Framework

Does anyone have an example of an auditing framework that is tailored to higher ed? For now, I don't care what standard 
it is based on. I am just trying to gather some examples. If you have something that you use for internal auditing and 
you would be willing to share it, please feel free to contact me outside of the list.

Thanks,

Vito Rocco, MS-IT, CISSP, EnCE
Information Security Specialist
University of Nevada, Las Vegas
(702) 895-0400 - Office
(702) 895-1847 - Fax
Security Reports to: informationsecurityoffice () unlv edu<mailto:informationsecurityoffice () unlv edu>

Current thread:

IT Internal Audit Framework Vito Rocco (Jan 09)
- Re: IT Internal Audit Framework Carlos Lobato (Jan 09)
  - Fw: [SECURITY] IT Internal Audit Framework Carlos Lobato (Jan 09)
  - Re: IT Internal Audit Framework Jim Dillon (Jan 13)
- Re: IT Internal Audit Framework Spaller, Mary E. (Jan 09)