Professional Documents
Culture Documents
CAAT
(Computer-Assisted Audit Techniques) are often employed to help auditors gain insight into a business's IT infrastructure in order to spot potential security weaknesses. CAATs use system-generated audit reports, as well as monitoring technology, to detect and report changes to a system's files and settings. While CAATs can provide definitive data on business systems, auditors must also keep an eye on activities and practices that are not easily quantifiable.
Contd
Are all OSes and applications updated to current levels? How is backup media stored? Who has access to it? Is it up-to-date? How is email security addressed? How is Web security addressed? How is wireless security addressed? Is a disaster-recovery plan in place? Has the plan ever been rehearsed? Have custom applications been tested for security flaws?