🔍
Home Professional IT/IS Audit
Professional — Banking & Finance GRC

IT/IS Audit

Practical audit methodology, working papers, and field guidance for IT and security auditors.

1
Articles published
AUDIT WORKPAPER REF-01 AUDIT OBJECTIVES Access control effectiveness > Testing access controls... > Sampling user accounts... > EXCEPTION: patch gap _ EVIDENCE COLLECTED CONTROL STATUS RISK MFA Policy PASS L Patch Mgmt FAIL H Audit Logs FAIL H AUDITOR S. Golder — CISA, CEH March 2026 FINDINGS PIPELINE HIGH RISK FINDING Patch management gap — 120+ days unpatched systems F-001 MEDIUM RISK FINDING Audit log retention below policy minimum of 12 months F-002 REMEDIATION TRACKER F-001 35% F-002 68% AUDIT PHASES 1 Planning Scope & risk assessment 2 Fieldwork Evidence & testing 3 Reporting Findings & recommendations 4 Follow-up Remediation validation 2 High Findings 3 Medium Findings 1 Low Finding Scope: Core Banking Systems CISA-led
From the assessment floor
IT/IS Audit 14 min read

How to Write IT Audit Findings That Management Actually Acts On

I documented 14 critical observations in a single engagement. The auditee looked at the draft report and told me clearly: he was not presenting 14 findings to m

April 8, 2026 Read article →
IT/IS Audit
ThreatManifest

Real-world cybersecurity — for professionals and people. From the assessment floor, not the textbook.

Professional
Security
Behind the Firewall
Learn
About
Credentials & Affiliations
SWIFT CSP Assessor CISA CEH ISO 27001 Lead Implementer CC (ISC2) 35 ISO 27001 Engagements 27+ PCI DSS ROCs
Affiliate Disclosure

Some articles on this site contain affiliate links. If you purchase a product through one of these links, Threat Manifest may earn a small commission — at no extra cost to you. We only recommend tools and services we have independently evaluated. Read full disclosure.

Privacy Policy Terms of Use Disclaimer Affiliate Disclosure Content Policy Accessibility
© 2026 Threat Manifest. All rights reserved.