New Guidance From ISACA Helps Assurance Professionals Audit Microsoft Applications


Optimizing internal controls is critical to achieving effective quality assurance and security. To provide audit and assurance professionals with the most up-to-date guidance on auditing Microsoft applications, ISACA, a nonprofit association serving 95,000 IT professionals in 160 countries, has developed new audit programs:

  • Microsoft® SQL Server® Database, which provides management with an independent assessment of the effectiveness of configuration and security of the Microsoft SQL Server database systems within the enterprise’s computing environment
  • Microsoft® Windows File Server, which will focus on the configuration, management, and physical security of a cross-section of the relevant and high-risk file servers in the enterprise

Upcoming audit/assurance programs that will be available soon from ISACA are:

  • Microsoft® SharePoint® 2010, which focuses on the governance, policies and monitoring/oversight functions associated with SharePoint implementation
  • Microsoft® Exchange Server, which helps assurance professionals lock down and audit Exchange Server 2010 and considers components such as security and controls. 

ISACA also recently published an audit program addressing Business Continuity Management, which will provide a business focus on the enterprise business continuity plan, policies, standards, guidelines, procedures, laws and regulations that address maintaining continuous business services. 

“IT is at the heart of what an enterprise and its stakeholders value most: the achievement of the organization’s mission and goals in the most effective, efficient, transparent and auditable way,” said Greg Grocholski, CISA, international vice president of ISACA. The best way of assuring this is to undertake a formal audit of IT controls. ISACA’s audit programs help auditors worldwide add value and improve their enterprise’s operations by providing a template to complete specific assurance processes.”

The audit/assurance programs are based on the standards and guidance in ISACA’s IT Assurance Framework (ITAF). They have been developed by a team of experienced assurance professionals from around the world, representing the latest global expertise, and are peer reviewed. The programs are downloadable in a Word document and can be easily customized to fit a specific operating environment. 

They can also be used by security and business professionals, who will benefit from applying the control objectives and audit steps to make the respective scope areas more robust.

The audit/assurance programs are free for ISACA members and US $45 for nonmembers at ITAF is available at


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copy Protected by Chetan's WP-Copyprotect.