ASSESSMENT OF THE IT POLICY SYSTEM
- who will conduct the audit
An outside, third party, company will conduct the audit of RCR IT Policy System. This company is certified and guarantees to test all related systems.
- what will be covered by the audit
Information included in the audit will include RCR’s policies, the policy management system, compliance with any current policies, and the policy creation process.
- when will the audit be conducted
This audit will be conducted as soon as possible, with coordination and scheduling decided upon by the CIO and third party company.
- where will the audit be conducted (locations)
This audit will occur at each of the RCR field offices. All field offices are required to be involved in the process.
- how will be audit be conducted
The audit will be conducted by the third party analyzing RCR’s policies, the policy management system, compliance with any current policies, and the policy creation process. The third party company is seeking to find evidence that not only are policies current and effective in controlling how data is handled but ensuring that employees are following the policies.
“Audit of Policies, Procedures, and Internal Controls Relative to Accounting and Management Systems”. (n.d.). Retrieved from http://www.dcaa.mil/cam/Chapter_05_-_Audit_of_Accounting_and_Management_Systems.pdf