One good standard is "Just do it!" :-)). Too often, you'll be auditing
techies who don't care much about proper documentation or documentation at
all. I've encountered instances where I've been asked what needs to be
documented. Using a generic audit program might help your clients
understand what needs to be documented. Often, they'll actually do
something if you can also show the why. I guess that's where a degree comes
in again handy: structured approach, having learned about structuring
problems, documents, projects, etc. Then again, this knowledge can also be
aquired outside of a 4-year full-time course.

cu
-pete

---------------------------------------------------------------------------------------------------------

Peter J. Kunz

Ernst & Young
eSecurity
P.O. Box 5272
8022 Zurich
Switzerland

Phone +41 1 286 4292
Fax      +41 1 286 4014
|------------------------+------------------------+------------------------|
| | Steve Mahoney | |
| | <Steve.Mahoney@audit.|            To: |
| | nsw.gov.au> | cisspstudy@securityfo|
| | 13.07.2001 03:20 | cus.com |
| | |            cc: |
| | | |
| | |            Subject: |
| | | RE: Documentation |
| | | skills |
|------------------------+------------------------+------------------------|

Hi
I would like to a agree with the previous comment. An IT auditor I often
unfortunately find that it is the standard and level of documentation that
often detracts from the overall good conclusion on the working of an IT
department and staff employed in it. If anyone is aware of good standard to
use, I would like to be able to recommend it to my clients

thanks
Steve

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]