1. The document discusses the objectives, methodologies, and phases of performing an information systems audit. 2. Key methodologies discussed include the top-down and bottom-up approaches, with the top-down being business and risk focused and the bottom-up focusing on control objectives. 3. The phases of an audit include pre-engagement work, data collection through testing, interviews and documentation, data analysis to identify findings and risks, developing recommendations, and reporting results.

1. IS Audit Preparing and Correctly Deploying an Audit Marco Raposo, CISSP-ISSMP, QSAp, ABCP October, 2007

4. System Development Life Cycle and Security Initiation - Security Categorization - Preliminary Risk Assessment Implementation - Inspection and Acceptance - Security Control Integration - Security Certification - Security Accreditation Operations / Maintenance - Configuration Management and Control - Continuous Monitoring Disposition - Information Preservation - Media Sanitization - Hardware and Software Disposal Security Assessment in SDLC Acquisition / Development - Risk Assessment - Security Functional Requirements Analysis - Security Assurance Requirements Analysis - Cost Considerations and Reporting - Security Planning - Security Control Development - Developmental Security Test and Evaluation - Other Planning Components

12. Phase 3 – Data Analysis Measuring Risk RISK