2006 CSQA Body of Knowledge
Knowledge Category 9

Internal Control and Security

Privacy laws and increased accessibility to data have necessitated increased security. Accounting scandals and governmental regulation such as the Sarbanes-Oxley Act have placed increased importance on building and maintaining adequate systems of internal control. The quality assurance function can contribute to meeting those objectives by assuring that IT has adequate processes governing internal control and security. 


Principles and Concepts of Internal Control

Internal Control and Security Vocabulary and Concepts
Preventive, Detective and Corrective Controls

Risk and Internal Control Models

COSO Enterprise Risk Management (ERM) Model
COSO Internal Control Framework Model
CobiT Model (Control Objectives for Information and related Technology Model)

Building Internal Controls

Perform Risk Assessment

Building Adequate Security

Where Vulnerabilities in Security Occur
Establishing a Security Baseline
Security Awareness Training
Security Practices


Bibliographic References

IMPORTANT: It is each candidate's responsibility to stay current in the field and to be aware of published works and materials available for professional study and development. Software Certifications recommends that candidates for certification continually research and stay aware of current literature and trends in the field. There are many valuable references that have not been listed here. These references are offered for informational purposes only.



Copyright © 2006, Software Certifications. All rights reserved.