
CHAPTER 4
Auditing Standards and Frameworks

CONDUCTING AUDITS AND ASSESSMENTS is a way of measuring an organization’s adherence to common industry practices. Why is that important? Imagine yourself in front of a regulator or your boss, trying to explain your opinion on the completeness and accuracy of the IT infrastructure control environment. Standards and frameworks are the yardsticks by which an opinion can be formed. These standards and frameworks are the culmination of the knowledge and experience of experts across many industries. They represent a path to ensure adherence to many laws, rules, and regulations. In short, close adoption of industry norms through the appropriate standards and frameworks reduces risks and threats to an organization. Equally important, in the event of a data breach or major technology failure, demonstrated compliance with commonly accepted standards and frameworks could provide a defensible position with the regulators.

Organizations should adopt and enhance industry-accepted practices for governance, security, and compliance. Choosing from guiding control standards and frameworks is an ideal start. This chapter explores the importance of such standards and frameworks. This chapter also introduces several popular frameworks and standards in use today. There are still many more. Regardless, all have a common theme of putting in place sensible practices within organizations.
