GBQ

Entrepreneurial Spirit. Independent expertise.

IT Audit Control Frameworks

GBQ’s IT audit methodologies are drawn from multiple sources, including Control Objectives for Business & Information Technology (COBIT). COBIT is an IT governance framework and supporting toolset that bridges the gap between control requirements, technical issues and business risks. Other IT audit and control frameworks include:

  • Committee of Sponsoring Organizations (COSO)
  • Sarbanes-Oxley Act (SOX)
  • Payment Card Industry Data Security Standards (PCI-DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Federal Financial Institutions Examination Council (FFIEC)
  • Federal Trade Commission (GLBA 6801(b))
  • International Standards Organization (ISO 27002)
  • IT Governance Institute (ITGI)
  • Institute of Internal Auditors (IIA)
  • National Institute for Standards & Technology (NIST)
  • AICPA (Trust Services Principles and Criteria)
  • Generally Accepted System Security Principles (GASSP)
  • ISACA (Information Systems Audit & Control Association)

GBQ adds value by drawing on years of project experience to build custom risk control matrices for each of our clients. We strive to provide value in our audits by identifying controls that can be automated and by recommending changes to controls that are not deemed particularly useful. We understand that control automation can improve both efficiency and effectiveness, and can also reduce the sample sizes required for audit testing.

Contact
  • Michael Dickson
  • Director of Information Technology Services
  • (614) 947-5259
  • mdickson@gbq.com