| Type of Audit | Description |
| --- | --- |
| Application Review | Interviews, testing, demonstrations; Server and application; Security architecture; Test controls; Test of authorized user employment status; Test of adherence to policies; Server configuration; Access controls; User management; Password policy/standards; System monitoring; Backup and recovery; Change control |
| Application Overview | Interviews only; Access controls; User management; Password policy/standards; Systems monitoring; Backup and recovery; Change control |
| Desk Top Management | Software inventory; Hardware inventory; Software license management; Desktop support (including agreements) |
| IT Department Review | Review of change control process; Authorization procedures for new users; Process for disabling access for terminated employees; Disaster recovery and business resumption plans; Security incident handling; Inventory and software licensing procedures |
| LAN Network Review | Detailed review of network management; Server configurations including security parameters; Routers access control lists; User management; Directory structure and protections; Event logging and system monitoring; Network monitoring |