UCF ID: 02070
Control Type: Actionable Reports or measurements
Status: Live
Metric guidance
Calculation: The calculation for this metric is # of information security audits conducted in compliance with the approved internal or external audit program and schedule / # of information security audits.
Calculation source: No authority document source of information exists. The following formula was used: the number of performed security audits that were in compliance with the requirements of the internal or external audit program and schedule divided by the number of information security audits performed for each business unit (or the organization as a whole) during the reporting period.
The Common Control IDs associated with this metric are as follows:
- Assess the quality of the audit planning and scheduling criteria. [UCF Control ID 01156]
- Review audit reports and work papers. [UCF Control ID 01146]
Supporting and supported controls
This control directly supports:
- Establish and maintain an internal and external audits metrics program. [UCF Control ID 02068]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10, 2005, ISPE16.2; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.2
US Federal Security Guidance
The organization must measure and report on the percentage of information security audits conducted in compliance with the approved internal/external audit program and schedule. [ISPE16.2, CISWG Information Security Program Elements, January 10, 2005]
General Guidance
The purpose of this measurement is to measure the percentage of information security audits conducted in compliance with the approved internal and external audit program and schedule. [§ 18.2, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.
