349-358

• Amancei, Cristian
• Surcel, Trăian

The purpose of this paper is to present some directions to improve the implementation methodology of an audit process, from the analysis of tolerance to IT systems unavailability for organizations in a critical situation caused by the materialization of IT vulnerabilities. The article follows a series of key components of IT risk management process, proposing practical elements for risk control, internal controls operability analysis and aggregation of results, providing a deterministic model process. The use of predefined questionnaires and risk matrix can help the services providers to adapt to the market and maintain the service quality. These practical elements can be found in the proposed IT audit questionnaire, along with a workflow process in seven steps for the audit mission.

• Economics and Business
• Computer and information sciences

• risk management
• Statistics

IT systems tolerance, risk areas and subareas, control evaluation, risk assessment, IT risk, IT audit steps, audit questionnaires

Περιέχει πίνακες και βιβλιογραφία