I. Audit Approach
As an element of the University’s core business functions, Data Center Operations will be audited every three years using a risk based approach. The IT Data Center Operations is usually responsible for the management, physical controls, and processing of production IT systems. The Data Center is also normally responsible for the installation and maintenance of the operating systems for the computers used to process production IT systems.
The minimum requirements set forth in the “general overview and risk assessment” section below must be completed for the audit to qualify for core audit coverage. Following completion of the general overview and risk assessment, the auditor should use their professional judgment to select areas for additional focus and audit testing.
II. General Overview and Risk Assessment (70 hrs – 23%)
The general overview will include interviews of department management and key personnel; evaluation of policies and procedures associated with business processes and mission; inventory of compliance requirements; consideration of key operational aspects; and an assessment of the information systems environment. Prior audits should be reviewed to determine impact, if any. During the overview, a general understanding of the management structure, compliance requirements, financial issues, daily and routine operations, and efficiency and effectiveness of the operation will be obtained (or updated).
As needed, the general overview will incorporate the use of internal control questionnaires, process flowcharts, and the examination of how documents are handled for key processes.
A. The following t ...