
isks should be managed to an acceptable level?
KD Reference: ________________________________

Whether risk assessment approach provides for regularly updated risk assessments at both the global and system specific levels?
KD Reference: ________________________________

Whether risk assessment procedures are in place to determine that identified risks include both external and internal factors, and take into consideration results of audits, inspections and identified incidents?
KD Reference: ________________________________

Organisation-wide objectives are included in the risk identification process?
KD Reference: ________________________________

Whether procedures for monitoring changes in systems processing activity determine that system risks and exposures are adjusted in a timely manner?
KD Reference: ________________________________

Whether procedures exist for ongoing monitoring and improving of the risk assessment and mitigating controls creation processes?
KD Reference: ________________________________

[IT Audit Manual Volume III. Table columns: No.; Item; Response (Yes / No); KD. Items 90 to 100.]

Whether the risk assessment documentation includes:
• a description of the risk assessment methodology
• the identification of significant exposures and the corresponding risks
• the risks and corresponding exposures which are addressed
KD Reference: ________________________________

Whether probability, frequency and threat analysis techniques are included in the identification of risks?
KD Reference: ________________________________

Whether qualifications of risk assessment staff are adequate?
KD Reference: ________________________________

Whether formal quantitative and/or qualitative (or combined) approach exists for identifying and measuring risks, threats, and exposures?
KD Reference: ________________________________

Whether calculations and other methods are used in the measurement of risks, threats, and exposures?
KD Reference: ________________________________

Whether risk action plan is used in implementing appropriate measures to...

This note was uploaded on 10/27/2013 for the course LAW 10-100 taught by Professor Parsons during the One '10 term at Bond College.