Relationship Between Itil and Project Management by dkn10781

VIEWS: 25 PAGES: 8

Relationship Between Itil and Project Management document sample

More Info
									3 The management system                                     3 SECURITY POLICY                                           PO1 Define a Strategic IT Plan


3.1 Management and Responsibility                           3.1 INFORMATION SECURITY POLICY                             1.1 IT as Part of the Organization’s Long and Short Range Plan

3.2 Documentation requirements                              3.1.1 Information security policy document                  1.2 IT Long-range Plan

3.3 Competence, awareness and training                      3.1.2 Review and evaluation                                 1.3 IT Long-range Planning—Approach and Structure

3.3.1 General                                               4 ORGANIZATIONAL SECURITY                                   1.4 IT Long-range Plan Changes

3.3.2 Professional development                              4.1 INFORMATION SECURITY INFRASTRUCTURE                     1.5 Short-range Planning for the IT Function

3.3.3 Approaches to be considered                           4.1.1 Management information security forum                 1.6 Communication of IT Plans

4 Planning and implementing service management              4.1.2 Information security co-ordination                    1.7 Monitoring and Evaluating of IT Plans

4.1 Plan service management (Plan)                          4.1.3 Allocation of information security responsibilities   1.8 Assessment of Existing Systems

4.1.1 Scope of service Management                           4.1.4 Authorization process for information processing      PO2 Define the Information Architecture
                                                            facilities
4.1.2 Planning approaches                                   4.1.5 Specialist information security advice                2.1 Information Architecture Model

4.1.3 Events to be considered                               4.1.6 Co-operation between organizations                    2.2 Corporate Data Dictionary and Data Syntax Rules

4.1.4 Scope and contents of the plan                        4.1.7 Independent review of information security            2.3 Data Classification Scheme

4.2 Implement service management and provide the services   4.2 SECURITY OF THIRD PARTY ACCESS                          2.4 Security Levels


4.3 Monitoring, measuring and reviewing (Check)             4.2.1 Identification of risks from third party access       PO3 Determine Technological Direction

4.4 Continual improvement (Act)                             4.2.2 Security requirements in third party contracts        3.1 Technological Infrastructure Planning

4.4.1 Policy                                                4.3 OUTSOURCING                                             3.2 Monitor Future Trends and Regulations

4.4.2 Planning for service improvements                     4.3.1 Security requirements in outsourcing contracts        3.3 Technological Infrastructure Contingency

5 Planning and implementing new or changed services         5 ASSET CLASSIFICATION AND CONTROL                          3.4 Hardware and Software Acquisition Plan

5.1 Topics for consideration                                5.1 ACCOUNTABILITY FOR ASSETS                               3.5 Technology Standards

5.2 Change records                                          5.1.1 Inventory of assets                                   PO4 Define the IT Organization and Relationships

6 Service delivery process                                  5.2 INFORMATION CLASSIFICATION                              4.1 IT Planning or Steering Committee

6.1 Service level management                                5.2.1 Classification guidelines                             4.2 Organizational Placement of the IT Function

6.1.1 Service catalogue                                     5.2.2 Information labelling and handling                    4.3 Review of Organizational Achievements

6.1.2 Service level agreements (SLAs)                       6 PERSONNEL SECURITY                                        4.4 Roles and Responsibilities

6.1.3 Service level management (SLM) process                6.1 SECURITY IN JOB DEFINITION AND RESOURCING 4.5 Responsibility for Quality Assurance


6.1.4 Supporting service agreements                         6.1.1 Including security in job responsibilities            4.6 Responsibility for Logical and Physical Security

6.2 Service reporting                                       6.1.2 Personnel screening and policy                        4.7 Ownership and Custodianship

6.2.1 Policy                                                6.1.3 Confidentiality agreements                            4.8 Data and System Ownership

6.2.2 Purpose and quality checks on service reports         6.1.4 Terms and conditions of employment                    4.9 Supervision

6.2.3 Service reports                                       6.2 USER TRAINING                                           4.10 Segregation of Duties

6.3 Service continuity and availability management          6.2.1 Information security education and training           4.11 IT Staffing

6.3.1 General                                               6.3 RESPONDING TO SECURITY INCIDENTS AND                    4.12 Job or Position Descriptions for IT Staff
                                                            MALFUNCTIONS
6.3.2 Availability monitoring and activities                6.3.1 Reporting security incidents                          4.13 Key IT Personnel

6.3.3 Service continuity strategy                           6.3.2 Reporting security weaknesses                         4.14 Contracted Staff Policies and Procedures

6.3.4 Service continuity planning and testing               6.3.3 Reporting software malfunctions                       4.15 Relationships

6.4 Budgeting and accounting for IT services                6.3.4 Learning from incidents                               PO5 Manage the IT Investment

6.4.1 General                                               6.3.5 Disciplinary process                                  5.1 Annual IT Operating Budget

6.4.2 Policy                                                7 PHYSICAL AND ENVIRONMENTAL SECURITY                       5.2 Cost and Benefit Monitoring

6.4.3 Budgeting                                             7.1 SECURE AREAS                                            5.3 Cost and Benefit Justification

6.4.4 Accounting                                            7.1.1 Physical security perimeter                           PO6 Communicate Management Aims and Direction

6.5 Capacity management                                     7.1.2 Physical entry controls                               6.1 Positive Information Control Environment

6.6 Information security management                         7.1.3 Securing offices, rooms and facilities                6.2 Management’s Responsibility for Policies

6.6.1 General                                               7.1.4 Working in secure areas                               6.3 Communication of Organization Policies

6.6.2 Identifying and classifying information assets        7.1.5 Isolated delivery and loading areas                   6.4 Policy Implementation Resources

6.6.3 Security risk assessment practices                    7.2 EQUIPMENT SECURITY                                      6.5 Maintenance of Policies
6.6.4 Risks to information assets                            7.2.1 Equipment siting and protection                        6.6 Compliance with Policies, Procedures and Standards

6.6.5 Security and availability of information               7.2.2 Power supplies                                         6.7 Quality Commitment

6.6.6 Controls                                               7.2.3 Cabling security                                       6.8 Security and Internal Control Framework Policy

6.6.7 Documents and records                                  7.2.4 Equipment maintenance                                  6.9 Intellectual Property Rights

7 Relationship processes                                     7.2.5 Security of equipment off-premises                     6.10 Issue-specific Policies

7.1 General                                                  7.2.6 Secure disposal or re-use of equipment                 6.11 Communication of IT Security Awareness

7.2 Business relationship management                         7.3 GENERAL CONTROLS                                         PO7 Manage Human Resources

7.2.1 Service reviews                                        7.3.1 Clear desk and clear screen policy                     7.1 Personnel Recruitment and Promotion

7.2.2 Service complaints                                     7.3.2 Removal of property                                    7.2 Personnel Qualifications

7.2.3 Customer satisfaction measurement                      8 COMMUNICATIONS AND OPERATIONS                              7.3 Roles and Responsibilities
                                                             MANAGEMENT
7.3 Supplier management                                      8.1 OPERATIONAL PROCEDURES AND                               7.4 Personnel Training
                                                             RESPONSIBILITIES
7.3.1 Introduction                                           8.1.1 Documented operating procedures                        7.5 Cross-training or Staff Backup

7.3.2 Contract management                                    8.1.2 Operational change control                             7.6 Personnel Clearance Procedures

7.3.3 Service definition                                     8.1.3 Incident management procedures                         7.7 Employee Job Performance Evaluation

7.3.4 Managing multiple suppliers                            8.1.4 Segregation of duties                                  7.8 Job Change and Termination

7.3.5 Contractual disputes management                        8.1.5 Separation of development and operational facilities   PO8 Ensure Compliance with External Requirements


7.3.6 Contract end                                           8.1.6 External facilities management                         8.1 External Requirements Review


8 Resolution processes                                       8.2 SYSTEM PLANNING AND ACCEPTANCE                           8.2 Practices and Procedures for Complying with External Requirements

8.1 Background                                               8.2.1 Capacity planning                                      8.3 Safety and Ergonomic Compliance

8.1.1 Setting priorities                                     8.2.2 System acceptance                                      8.4 Privacy, Intellectual Property and Data Flow

8.1.2 Workarounds                                            8.3 PROTECTION AGAINST MALICIOUS SOFTWARE                    8.5 Electronic Commerce


8.2 Incident management                                      8.3.1 Controls against malicious software                    8.6 Compliance With Insurance Contracts

8.2.1 General                                                8.4 HOUSEKEEPING                                             PO9 Assess Risks

8.2.2 Major incidents                                        8.4.1 Information back-up                                    9.1 Business Risk Assessment

8.3 Problem management                                       8.4.2 Operator logs                                          9.2 Risk Assessment Approach

8.3.1 Scope of problem management                            8.4.3 Fault logging                                          9.3 Risk Identification

8.3.2 Initiation of problem management                       8.5 NETWORK MANAGEMENT                                       9.4 Risk Measurement

8.3.3 Known errors                                           8.5.1 Network controls                                       9.5 Risk Action Plan

8.3.4 Problem resolution management                          8.6 MEDIA HANDLING AND SECURITY                              9.6 Risk Acceptance

8.3.5 Communication                                          8.6.1 Management of removable computer media                 9.7 Safeguard Selection

8.3.6 Tracking and escalation                                8.6.2 Disposal of media                                      9.8 Risk Assessment Commitment

8.3.7 Incident and problem record closure                    8.6.3 Information handling procedures                        PO10 Manage Projects

8.3.8 Problem reviews                                        8.6.4 Security of system documentation                       10.1 Project Management Framework

8.3.9 Topics for reviews                                     8.7 EXCHANGES OF INFORMAT ION AND SOFTWARE 10.3 Project Team Membership and Responsibilities

8.3.10 Problem prevention                                    8.7.1 Information and software exchange agreements           10.4 Project Definition

9 Control processes                                          8.7.2 Security of media in transit                           10.5 Project Approval

9.1 Configuration management                                 8.7.3 Electronic commerce security                           10.6 Project Phase Approval

9.1.1 Configuration management planning and implementation 8.7.4 Security of electronic mail                              10.7 Project Master Plan


9.1.2 Configuration identification                           8.7.5 Security of electronic office systems                  10.8 System Quality Assurance Plan

9.1.3 Configuration control                                  8.7.6 Publicly available systems                             10.9 Planning of Assurance Methods

9.1.4 Configuration status accounting and reporting          8.7.7 Other forms of information exchange                    10.10 Formal Project Risk Management

9.1.5 Configuration verification and audit                   9 ACCESS CONTROL                                             10.11 Test Plan

9.2 Change management                                        9.1 BUSINESS REQUIREMENT FOR ACCESS CONTROL 10.12 Training Plan

9.2.1 Planning and implementation                            9.1.1 Access control policy                                  10.13 Post-implementation Review Plan

9.2.2 Closing and reviewing the change request               9.2 USER ACCESS MANAGEMENT                                   PO11 Manage Quality
9.2.3 Emergency changes                                   9.2.1 User registration                                   11.1 General Quality Plan

9.2.4 Change management reporting, analysis and actions   9.2.2 Privilege management                                11.2 Quality Assurance Approach

10 Release process                                        9.2.3 User password management                            11.3 Quality Assurance Planning


10.1 Release management process                           9.2.4 Review of user access rights                        11.4 Quality Assurance Review of Adherence to IT Standards and
                                                                                                                    Procedures
10.1.1 General                                            9.3 USER RESPONSIBILITIES                                 11.5 System Development Life Cycle Methodology


10.1.2 Release policy                                     9.3.1 Password use                                        11.6 System Development Life Cycle Methodology for Major Changes to
                                                                                                                    Existing Technology
10.1.3 Release and roll-out planning                      9.3.2 Unattended user equipment                           11.7 Updating of the System Development Life Cycle Methodology

10.1.4 Developing or acquiring software                   9.4 NETWORK ACCESS CONTROL                                11.8 Coordination and Communication


10.1.5 Design, build and configure release                9.4.1 Policy on use of network services                   11.9 Acquisition and Maintenance Framework for the Technology
                                                                                                                    Infrastructure
10.1.6 Release verification and acceptance                9.4.2 Enforced path                                       11.10 Third-party Implementer Relationships

10.1.7 Documentation                                      9.4.3 User authentication for external connections        11.11 Program Documentation Standards

10.1.8 Roll-out, distribution and installation            9.4.4 Node authentication                                 11.12 Program Testing Standards

10.1.9 Post release and roll-out                          9.4.5 Remote diagnostic port protection                   11.13 System Testing Standards

                                                          9.4.6 Segregation in networks                             11.14 Parallel/Pilot Testing

                                                          9.4.7 Network connection control                          11.15 System Testing Documentation


                                                          9.4.8 Network routing control                             11.16 Quality Assurance Evaluation of Adherence to Development
                                                                                                                    Standards
                                                          9.4.9 Security of network services                        11.17 Quality Assurance Review of the Achievement of IT Objectives

                                                          9.5 OPERATING SYSTEM ACCE SS CONTROL                      11.18 Quality Metrics

                                                          9.5.1 Automatic terminal identification                   11.19 Reports of Quality Assurance Reviews

                                                          9.5.2 Terminal log-on procedures                          AI1 Identify Automated Solutions

                                                          9.5.3 User identification and authentication              1.1 Definition of Information Requirements

                                                          9.5.4 Password management system                          1.2 Formulation of Alternative Courses of Action

                                                          9.5.5 Use of system utilities                             1.3 Formulation of Acquisition Strategy

                                                          9.5.6 Duress alarm to safeguard users                     1.4 Third-party Service Requirements

                                                          9.5.7 Terminal time-out                                   1.5 Technological Feasibility Study

                                                          9.5.8 Limitation of connection time                       1.6 Economic Feasibility Study

                                                          9.6 APPLICATION ACCESS CONTROL                            1.7 Information Architecture

                                                          9.6.1 Information access restriction                      1.8 Risk Analysis Report

                                                          9.6.2 Sensitive system isolation                          1.9 Cost-effective Security Controls

                                                          9.7 MONITORING SYSTEM ACCESS AND USE                      1.10 Audit Trails Design

                                                          9.7.1 Event logging                                       1.11 Ergonomics

                                                          9.7.2 Monitoring system use                               1.12 Selection of System Software

                                                          9.7.3 Clock synchronization                               1.13 Procurement Control

                                                          9.8 MOBILE COMPUTING AND TELEWORKING                      1.14 Software Product Acquisition

                                                          9.8.1 Mobile computing                                    1.15 Third-party Software Maintenance

                                                          9.8.2 Teleworking                                         1.16 Contract Application Programming

                                                          10 SYSTEMS DEVELOPMENT AND MAINTENANCE                    1.17 Acceptance of Facilities


                                                          10.1 SECURITY REQUIREMENTS OF SYSTEMS                     1.18 Acceptance of Technology

                                                          10.1.1 Security requirements analysis and specification   AI2 Acquire and Maintain Application Software

                                                          10.2 SECURITY IN APPLICATION SYSTEMS                      2.1 Design Methods

                                                          10.2.1 Input data validation                              2.2 Major Changes to Existing Systems

                                                          10.2.2 Control of internal processing                     2.3 Design Approval

                                                          10.2.3 Message authentication                             2.4 File Requirements Definition and Documentation

                                                          10.2.4 Output data validation                             2.5 Program Specifications

                                                          10.3 CRYPTOGRAPHIC CONTROLS                               2.6 Source Data Collection Design

                                                          10.3.1 Policy on the use of cryptographic controls        2.7 Input Requirements Definition and Documentation
10.3.2 Encryption                                            2.8 Definition of Interfaces

10.3.3 Digital signatures                                    2.9 User-machine Interface


10.3.4 Non-repudiation services                              2.10 Processing Requirements Definition and Documentation

10.3.5 Key management                                        2.11 Output Requirements Definition and Documentation

10.4 SECURITY OF SYSTEM FILES                                2.12 Controllability

10.4.1 Control of operational software                       2.13 Availability as a Key Design Factor


10.4.2 Protection of system test data                        2.14 IT Integrity Provisions in Application Program Software

10.4.3 Access control to program source library              2.15 Application Software Testing

10.5 SECURITY IN DEVELOPMENT AND SUPPORT                     2.16 User Reference and Support Materials
PROCE SSES
10.5.1 Change control procedures                             2.17 Reassessment of System Design

10.5.2 Technical review of operating system changes          AI3 Acquire and Maintain Technology Infrastructure

10.5.3 Restrictions on changes to software packages          3.1 Assessment of New Hardware and Software

10.5.4 Covert channels and Trojan code                       3.2 Preventive Maintenance for Hardware

10.5.5 Outsourced software development                       3.3 System Software Security

11 BUSINESS CONTINUITY MANAGEMENT                            3.4 System Software Installation

11.1 ASPECTS OF BUSINESS CONTINUITY                          3.5 System Software Maintenance
MANAGEMENT
11.1.1 Business continuity management process                3.6 System Software Change Controls

11.1.2 Business continuity and impact analysis               3.7 Use and Monitoring of System Utilities

11.1.3 Writing and implementing continuity plans             AI4 Develop and Maintain Procedures

11.1.4 Business continuity planning framework                4.1 Operational Requirements and Service Levels

11.1.5 Testing, maintaining and re-assessing business        4.2 User Procedures Manual
continuity plans
12 COMPLIANCE                                                4.3 Operations Manual

12.1 COMPLIANCE WITH LEGAL REQUIREMENTS                      4.4 Training Materials

12.1.1 Identification of applicable legislation              AI5 Install and Accredit Systems

12.1.2 Intellectual property rights (IPR)                    5.1 Training

12.1.3 Safeguarding of organizational records                5.2 Application Software Performance Sizing

12.1.4 Data protection and privacy of personal information   5.3 Implementation Plan

12.1.5 Prevention of misuse of information processing        5.4 System Conversion
facilities
12.1.6 Regulation of cryptographic controls                  5.5 Data Conversion

12.1.7 Collection of evidence                                5.6 Testing Strategies and Plans

12.2 REVIEWS OF SECURITY P OLICY AND                         5.7 Testing of Changes
TECHNICAL COMPLIANCE
12.2.1 Compliance with security policy                       5.8 Parallel/Pilot Testing Criteria and Performance

12.2.2 Technical compliance checking                         5.9 Final Acceptance Test

12.3 SYSTEM AUDIT CONSIDERATIONS                             5.10 Security Testing and Accreditation

12.3.1 System audit controls                                 5.11 Operational Test

12.3.2 Protection of system audit tools                      5.12 Promotion to Production

                                                             5.13 Evaluation of Meeting User Requirements

                                                             5.14 Management’s Post-implementation Review

                                                             AI6 Manage Changes

                                                             6.1 Change Request Initiation and Control

                                                             6.2 Impact Assessment

                                                             6.3 Control of Changes

                                                             6.4 Emergency Changes

                                                             6.5 Documentation and Procedures

                                                             6.6 Authorized Maintenance

                                                             6.7 Software Release Policy
6.8 Distribution of Software

DS1 Define and Manage Service Levels

1.1 Service Level Agreement Framework

1.2 Aspects of Service Level Agreements

1.3 Performance Procedures

1.4 Monitoring and Reporting

1.5 Review of Service Level Agreements and Contracts

1.6 Chargeable Items

1.7 Service Improvement Program

DS2 Manage Third-party Services

2.1 Supplier Interfaces

2.2 Owner Relationships

2.3 Third-party Contracts

2.4 Third-party Qualifications

2.5 Outsourcing Contracts

2.6 Continuity of Services

2.7 Security Relationships

2.8 Monitoring

DS3 Manage Performance Capacity

3.1 Availability and Performance Requirements

3.2 Availability Plan

3.3 Monitoring and Reporting

3.4 Modeling Tools

3.5 Proactive Performance Management

3.6 Workload Forecasting

3.7 Capacity Management of Resources

3.8 Resources Availability

3.9 Resources Schedule

DS4 Ensure Continuous Service

4.1 IT Continuity Framework

4.2 IT Continuity Plan Strategy and Philosophy

4.3 IT Continuity Plan Contents

4.4 Minimizing IT Continuity Requirements

4.5 Maintaining the IT Continuity Plan

4.6 Testing the IT Continuity Plan

4.7 IT Continuity Plan Training

4.8 IT Continuity Plan Distribution

4.9 User Department Alternative Processing Backup Procedures

4.10 Critical IT Resources

4.11 Backup Site and Hardware

4.12 Offsite Backup Storage

4.13 Wrap-up Procedures

DS5 Ensure Systems Security

5.1 Manage Security Measures

5.2 Identification, Authentication and Access

5.3 Security of Online Access to Data

5.4 User Account Management

5.5 Management Review of User Accounts

5.6 User Control of User Accounts
5.7 Security Surveillance

5.8 Data Classification

5.9 Central Identification and Access Rights

5.10 Management Violation and Security Activity Reports

5.11 Incident Handling

5.12 Reaccreditation

5.13 Counterparty Trust

5.14 Transaction Authorization

5.15 Nonrepudiation

5.16 Trusted Path

5.17 Protection of Security Functions

5.18 Cryptographic Key Management

5.19 Malicious Software Prevention, Detection and Correction

5.20 Firewall Architectures and Connections with Public Networks

5.21 Protection of Electronic Value

DS6 Identify and Allocate Costs

6.1 Chargeable Items

6.2 Costing Procedures

6.3 User Billing and Chargeback Procedures

DS7 Educate and Train Users

7.1 Identification of Training Needs

7.2 Training Organization

7.3 Security Principles and Awareness Training

DS8 Assist and Advise Customers

8.1 Help Desk

8.2 Registration of Customer Queries

8.3 Customer Query Escalation

8.4 Monitoring of Clearance

8.5 Trend Analysis and Reporting

DS9 Manage the Configuration

9.1 Configuration Recording

9.2 Configuration Baseline

9.3 Status Accounting

9.4 Configuration Control

9.5 Unauthorized Software

9.6 Software Storage

9.7 Configuration Management Procedures

9.8 Software Accountability

DS10 Manage Problems and Incidents

10.1 Problem Management System

10.2 Problem Escalation

10.3 Problem Tracking and Audit Trail

10.4 Emergency and Temporary Access Authorization

10.5 Emergency Processing Priorities

DS11 Manage Data

11.1 Data Preparation Procedures

11.2 Source Document Authorization Procedures

11.3 Source Document Data Collection

11.4 Source Document Error Handling
11.5 Source Document Retention

11.6 Data Input Authorization Procedures

11.7 Accuracy, Completeness and Authorization Checks

11.8 Data Input Error Handling

11.9 Data Processing Integrity

11.10 Data Processing Validation and Editing

11.11 Data Processing Error Handling

11.12 Output Handling and Retention

11.13 Output Distribution

11.14 Output Balancing and Reconciliation

11.15 Output Review and Error Handling

11.16 Security Provision for Output Reports

11.17 Protection of Sensitive Information During Transmission and
Transport
11.18 Protection of Disposed Sensitive Information

11.19 Storage Management

11.20 Retention Periods and Storage Terms

11.21 Media Library Management System

11.22 Media Library Management Responsibilities

11.23 Backup and Restoration

11.24 Backup Jobs

11.25 Backup Storage

11.26 Archiving

11.27 Protection of Sensitive Messages

11.28 Authentication and Integrity

11.29 Electronic Transaction Integrity

11.30 Continued Integrity of Stored Data

DS12 Manage Facilities

12.1 Physical Security

12.2 Low Profile of the IT Site

12.3 Visitor Escort

12.4 Personnel Health and Safety

12.5 Protection Against Environmental Factors

12.6 Uninterruptible Power Supply

DS13 Manage Operations

13.1 Processing Operations Procedures and Instructions Manual

13.2 Start-up Process and Other Operations Documentation

13.3 Job Scheduling

13.4 Departures from Standard Job Schedules

13.5 Processing Continuity

13.6 Operations Logs

13.7 Safeguard Special Forms and Output Devices

13.8 Remote Operations

M1 Monitor the Processes

1.1 Collecting Monitoring Data

1.2 Assessing Performance

1.3 Assessing Customer Satisfaction

1.4 Management Reporting

M2 Assess Control Adequacy

2.1 Internal Control Monitoring
2.2 Timely Operation of Internal Controls

2.3 Internal Control Level Reporting

2.4 Operational Security and Internal Control Assurance

M3 Obtain Independent Assurance

3.1 Independent Security and Internal Control Certification/Accreditation
of IT Services
3.2 Independent Security and Internal Control Certification/Accreditation
of Third-party Service Providers
3.3 Independent Effectiveness Evaluation of IT Services


3.4 Independent Effectiveness Evaluation of Third-party Service Providers


3.5 Independent Assurance of Compliance with Laws and Regulatory
Requirements and Contractual Commitments
3.6 Independent Assurance of Compliance with Laws and Regulatory
Requirements by Third-party Service Providers
3.7 Competence of Independent Assurance Function

3.8 Proactive Audit Involvement

M4 Provide for Independent Audit

4.1 Audit Charter

4.2 Independence

4.3 Professional Ethics and Standards

4.4 Competence

4.5 Planning

4.6 Performance of Audit Work

4.7 Reporting

4.8 Follow-up Activities

								
To top