2023 IT Examiner School

Examination Takeaways: Summary Review

May be able to significantly reduce the depth of the risk assessment review when:
• The risk assessment was recently reviewed by a qualified auditor and found to be adequate.
• There have been no changes in management or the environment since the last examination.
• The quality of the risk assessment process has been validated.

Plan to expand the depth when:
• A risk assessment has not been reviewed at least annually.
• There have been changes in management and/or environment.
• Risks identified do not incorporate Technical, Human, Environmental risks.
• The risk assessment has been completed with limited input from other departments.
• There are discrepancies between the services/topology and assets identified in the risk assessment.
• Significant audit and independent review findings are evident.
• You are not confident in management's responses.

Examination Takeaways: Red Flags
