Annual Audit Plan -- FY2005 - Department of the Treasury
Annual Audit Plan -- FY2005 - Department of the Treasury
Annual Audit Plan -- FY2005 - Department of the Treasury
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Treasury</strong> Inspector General for Tax Administration - Office <strong>of</strong> <strong>Audit</strong><br />
Penetration Test (Statutory <strong>Audit</strong>)<br />
<strong>Audit</strong> Objective: Determine whe<strong>the</strong>r <strong>the</strong> IRS is improving its controls to detect and<br />
prevent unauthorized accesses to <strong>the</strong> IRS’ data and systems from inside <strong>the</strong> IRS firewalls.<br />
Computer Security Incident Response Center (Statutory <strong>Audit</strong>)<br />
<strong>Audit</strong> Objective: Determine whe<strong>the</strong>r <strong>the</strong> IRS has an effective Computer Security<br />
Incident Response Center.<br />
Physical Security (Statutory <strong>Audit</strong>)<br />
<strong>Audit</strong> Objective: Determine whe<strong>the</strong>r <strong>the</strong> IRS has effective physical security controls at<br />
its campuses and <strong>of</strong>fices.<br />
Common Operating Environment (Statutory <strong>Audit</strong>)<br />
<strong>Audit</strong> Objective: Determine whe<strong>the</strong>r <strong>the</strong> IRS has adequately secured and deployed <strong>the</strong><br />
common operating environment used on its end-user computers.<br />
Federal Information Security Management Act (Statutory <strong>Audit</strong>)<br />
<strong>Audit</strong> Objective: Provide an overall assessment <strong>of</strong> IRS security measures required by<br />
<strong>the</strong> Federal Information Security Management Act.<br />
Authorization for Access on Internal Revenue Computer Systems and Applications<br />
(Statutory <strong>Audit</strong>)<br />
<strong>Audit</strong> Objective: Assess <strong>the</strong> effectiveness <strong>of</strong> <strong>the</strong> IRS’ controls over authorizing user<br />
access to its systems and applications.<br />
Employee Susceptibility over Social Engineering (Statutory <strong>Audit</strong>)<br />
<strong>Audit</strong> Objective: Determine whe<strong>the</strong>r employees are aware <strong>of</strong> <strong>the</strong>ir security<br />
responsibilities by emulating methods <strong>of</strong>ten used by hackers to gain sensitive<br />
information.<br />
Transition to Active Directory (Statutory <strong>Audit</strong>)<br />
<strong>Audit</strong> Objective: Determine whe<strong>the</strong>r <strong>the</strong> IRS is successfully deploying and adequately<br />
securing <strong>the</strong> Windows Active Directory network infrastructure.<br />
Fiscal Year 2005 <strong>Annual</strong> <strong>Audit</strong> <strong>Plan</strong> Page 30