Hello ACUA!
With the release of the IIA's Cybersecurity topical requirement, has anyone settled on how to best show and document conformance, at both an annual plan and individual engagement level? If so, would you be willing to share your ideas?
I have thought about using the appendix provided by the IIA, completing it during annual planning activities, and then using a control questionnaire during engagement planning to cover any gaps not previously addressed. My biggest challenge is there are 6 entities in the Texas Tech University System that must be considered and assessed, as each has a separate governance structure, separate network, separate systems, and soon multiple Active Directories.
Any insight and ideas are welcomed and appreciated!
Thanks!
------------------------------
Emily A Knopp, CPA, CISA
Audit Director
Angelo State University/Texas Tech University System
emily.knopp@ttu.edu
------------------------------