This book illustrates the importance of business impact analysis, which covers risk assessment, and moves towards better understanding of the business environment, industry specific compliance, legal and regulatory landscape and the need for business continuity. The book provides charts, checklists and flow diagrams that give the roadmap to collect, collate and analyze data, and give enterprise management the entire mapping for controls that comprehensively covers all compliance that the enterprise is subject to have. The book helps professionals build a control framework tailored for an enterprise that covers best practices and relevant standards applicable to the enterprise.
- Presents a practical approach to assessing security, performance and business continuity needs of the enterprise
- Helps readers understand common objectives for audit, compliance, internal/external audit and assurance.
- Demonstrates how to build a customized controls framework that fulfills common audit criteria, business resilience needs and internal monitoring for effectiveness of controls
- Presents an Integrated Audit approach to fulfill all compliance requirements
Table of Contents
Understanding Organizational Context. Performing a Business Impact Analysis. BIA Reporting and Commitment of Resources. Risk Assessment and Reporting. Strategic Planning, Internal Control Structure, Management Oversight, and Reporting Tools. Information Technology All Pervasive to the Enterprise. Alignment of IT with Business Requirement. Comparative Analysis of Requirements for Common Standards and Compliances. Appendix: Templates, Questionnaires, Business Impact Analysis and Risk Analysis Forms.
Priti Sikdar, FCA, CISA, CISM, CRISC, ISO 27001 LA, BS 25999 LA, PRINCE 2 (FC), has over 20 years of experience in the risk, audit and assurance sector which includes industry and profession, audit, internal audit, IT audit, compliance and risk assessments. She is a recognized trainer and speaker and author of two books on her subject. She has worked as Head of Finance for Shipping and Logistics Company. She has been Partner with Ray & Co Chartered Accountants where she performed many bank audits relating to risk based, IS audits and data migration and post-implementation audits. She was also into Sarbanes Oxley Compliance where she was performing ITGC and Revenue modules of SOX. She owned ISA Tutorials where she was teaching Chartered Accountant IT audit, IS systems and how to audit in complex technology environments. Ms. Sikdar has worked with Grant Thornton as Manager Business Risk Services where she has initiated a BS 25999 rollout, SAS 70 assignments and Enterprise Risk assessments. She was with KPMG London where she was doing IT internal audit for Financial Services sector and also was spearheading a big in-house Technology Global Services Project for six divisions of Technology within Risk & Assurance function. Ms. Sikdar has written two books;=: ‘Information Systems Audit & Security’ and ‘Management Information Systems for Final C.A.’ published by Lawpoint Publishers India. Besides, she writes articles and white papers on IS Audit and Business Continuity Planning as well as speaks at international conferences and ISACA local chapters. Her articles are carried in Indo-Swiss and Indo-US magazines and she does a lot of online mentoring for students appearing for CISA and CISM examinations. Ms. Sikdar gives online consulting for US and South Africa regions on third-party assurance, secure infrastructure building, writing of security policies and rolling out an information systems management system in line with ISO 27001 and ISO 22301 standards. As subject matter expert, she is consulted for complex IT audit and control assignments and she is involved in risk assessments and gap analysis for her clients in India. She is also Vice Chairperson of the Global Forum of Disaster Reduction.