Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP

HP.com home

Technical Reports


HP Labs

» Research
» News and events
» Technical reports
» About HP Labs
» Careers @ HP Labs
» People
» Worldwide sites
» Downloads
Content starts here

Click here for full text: PDF

Using Assurance Models in IT Audit Engagements

Baldwin, Adrian; Beres, Yolanta; Shiu, Simon


Keyword(s): audit; assurance; compliance; Sarbanes-Oxley; SOX; risk; security

Abstract: The document describes an innovative way to assess the effectiveness of internal IT controls where the control framework is first captured in the models and then the models are used to analyse the evidence gathered from the IT environment. The aim is to lift the risk and control management lifecycle from a series of people based processes to one where model based technology enhances, connects and where appropriate automates the process. Modelling in such an approach means capturing the relationship between controls and the way the controls should be analyzed for effectiveness and compliance to regulations and internal policies. This document presents how the model based assurance approach has been applied to automate the analysis of critical IT internal controls during several IT application audits in HP, and the value and benefits we have seen in using models to drive real-time analysis and measurements of the operating environment.

22 Pages

Back to Index

»Technical Reports

» 2009
» 2008
» 2007
» 2006
» 2005
» 2004
» 2003
» 2002
» 2001
» 2000
» 1990 - 1999

Heritage Technical Reports

» Compaq & DEC Technical Reports
» Tandem Technical Reports
Printable version
Privacy statement Using this site means you accept its terms Feedback to HP Labs
© 2009 Hewlett-Packard Development Company, L.P.