Status report
Project proposal approved – March 2007
(Information Technology Advisory Committee)
Work commenced – July 2007
Estimated publication date
– Winter 2011 |
Principal author
Efrim Boritz, PhD, FCA, CA•IT, CA•CISA
Co-author Malik Datardina, CA, CISA
CICA contact
Andrée Lavigne, CA
research.studies@cica.ca |
Project objective
The objective of this project is to prepare a guide that will aim at providing managers, internal and external auditors, control professionals, financial administrators and IT professionals with guidance in designing and implementing appropriate controls focused on the objective of information integrity. It will also provide guidance to internal and external auditors in providing assurance on the effectiveness of the design and operation of such controls. The publication will address the latest techniques in risk-based auditing, compliance procedures and documenting the effectiveness of controls. It will provide guidance in documenting and understanding of technology processing and internal control environments. The publication will be designed to allow IT professionals, security and control professionals, assurance advisors and auditors to design, implement and test the operating effectiveness of control procedures aimed at achieving information integrity. Terms of reference
The publication will include: - Introduction and Overview
- Information Integrity
- Relationship Between Information Integrity and Processing Phases
- Relationship Between Information Integrity and Enablers of Information Integrity
- Information Integrity Risks
- Risks by Processing Phase and Attributes/Enablers
- Controls by Processing Phase and Attributes/Assertions
- Direct Controls by Core Attribute/Assertion
- Enablers by Core Attribute/Assertion
- Audit/Assurance Guidelines
- Appendix
- Comprehensive Summary of Control Techniques
|
