Annual Audit Plan

The annual audit process is how Security Assurance Audit selects the UMIT departments, systems and/or processes for which risk assessments and/or audits will be undertaken within a given fiscal year. The output of the annual audit process is the Annual Audit Plan.

Deciding what to audit is a process we re-examine and perform annually. Given the large number of security auditable units and our small audit staff, it is important that we allocate our available time to the areas that have the highest risk exposures and are most significant to the achievement of the UMIT Security Strategic Plan. In addition, we strongly consider the sources below when selecting audits and risk assessments to perform and when defining their scope:

  • Critical Security Processes, as defined by Gartner, are defined and executed reliably.
  • SANS CIS Critical Security Controls are in place and functioning. The SANS CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.