Download free ISO 17799/27001 System Development and Maintenance Audit Checklists. The scope of this checklists are:

- Security requirements analysis and specification
- Input data validation
- Control of internal processing
- Message authentication
- Output data validation
- Policy on use of cryptographic controls
- Encryption

Download free Information Security Policy based on ISO 27001/17799 which covers:
Basic Structure
Purpose, Scope, Roles, Enforcement, Administrative Considerations, Definitions.

major policy subjects
Acceptable Use of IT Resources, Account Management, Remote Access, Information Protection, Firewall Management, Special Access Account Management, Network Connection, Wireless Networks, Router

Below sample of Information Technology (IT) Audit Report. This sample templates report could be used to prepare your audit of Management Information System. This template mainly focusing on detail finding and recommendation that should be done by the auditee. The most difficult part of IT audit process is to ensure that every recommendation could be enacted.

The structure of this report are:
1. Audit Objectives: To assess [Name of Company] compliance with the [Name of Standard] Standard
2. Overall conclusion:

Download free ISO 27001 Certification Documentation Checklist. This Checklist contain list of mandatory documentation for ISO 27001 Compliance. So if you're planning to comply with ISO 27001 Information Security Management System (ISMS) standard, then you can use this simple guidelines

So what is the primary objectives of PCAOB Auditing Standard No. 5 Regarding Audits of Internal Control Over Financial Reporting

1. Focus the Audit on Most Important Matters
- Top-down, risk-based approach that emphasizes use of judgment.
- Risk assessment is pervasive throughout the audit, including the identification and testing of controls

2. Eliminate Unnecessary Procedures
- Removing the requirement to evaluate management's process
- Consideration of knowledge from prior years (however, rotation is still not permitted).
- Eliminates “principal evidence” requirement
- Provides flexibility to use the work of others to a greater extent, including within the control environment, and performance of walkthroughs under our direct supervision