Auditors face an onslaught of new technologies, systems and regulations to incorporate into assessments. New audit programs from global technology association ISACA give auditors additional frameworks for their toolkits to provide assurance for blockchain, cloud access security brokers (CASBs) and the EU GDPR.
The Blockchain Preparation Audit Program helps organisations manage the preparation for using blockchain technology – the underlying distributed network system often associated with the decentralised cryptocurrency, bitcoin – found in applications across myriad industries. Covering all aspects of blockchain, including pre-implementation, governance, development, security, transactions and consensus, this program guides auditors in identifying and developing key policies, procedures and controls to mitigate risk and streamline processes prior to a blockchain implementation. It includes a blockchain technology audit preparation program worksheet. By using this program, auditors gain tools to:
- Provide management with an assessment of whether their proposed blockchain technology control environment is adequately designed and operationally effective
- Identify potential blockchain risks which could result in reputational and/or material financial impact
- Provide management with a holistic perspective on blockchain technology that considers both technical and non-technical factors.
To help IT auditors assess the effectiveness of CASB solutions, ISACA releases the Cloud Security Access Broker (CASB) Audit Program. Enterprises often use CASBs to manage risks, such as those associated with various deployment models, identity management, and compliance with data-driven regulations. This audit program factors in several considerations auditors should keep in mind when assessing whether operational and compliance expectations can be met with their CASB deployment, including:
- Identity management of users, inclusive of privileged users and enhanced access groups
- Mitigation of risks associated with different deployment models
- Asset management and protection through security initiatives such as physical security and through program management (for example, key management and incident response).
Following the 25 May 2018 implementation date, the EU General Data Protection Regulation (GDPR) gives EU residents control over their personal data wherever this data may reside, standardising regulation across the EU and the European Economic Area (EEA) as well as affecting all enterprises that process data from EU/EEA countries. The GDPR Audit Program for Small and Medium Enterprises offers an audit framework to assess how effectively GDPR is governed, monitored and managed. It provides guidance to:
- Provide management with an assessment of GDPR policies and procedures and their operating effectiveness
- Identify control weaknesses which could result in increased use of unsanctioned GDPR solutions (and higher likelihood that the solutions are not detected)
- Evaluate the effectiveness of the organisation’s practices and ongoing management of GDPR.
Blockchain Preparation Audit Program is free to members or for purchase by non-members for US $49. Both Cloud Security Access Broker (CASB) Audit Program and GDPR Audit Program for Small and Medium Enterprises are US $25 for members and US $49 for non-members.
For more information on ISACA’s audit and assurance programs, please visit www.isaca.org/auditprograms.
About ISACA
Now in its 50th anniversary year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 460,000 engaged professionals—including its 140,000 members—in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.
Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAHQ
Instagram: www.instagram.com/isacanews/