Register now or log in to join your professional community.
Salam alaykum,
First step for any sort of risk, audit, compliance, investigations and so on activity is have approvals and support from the highest authority to back up the activity. If there is no support the entire project can easily fail or over shoot its definite timelines. It will be aimless to initiate a project that involve possibly entire organization and its kicked off without proper approvals, authorizations and stake holder support.
For government project all project should start with a organizational structure chart with mapping out the stake holder departments, key people (decision makers) and invite them to a briefing and sign off for their support to the project.
Additionally
In terms of compliance project the requirement are already charted out and mostly everyone know what they need to do and how to get there so it is lesser of a deal.
Always keep on top Goverment Specific Reguations and Standards relating to IT Audits, then follow IT Audit guidelines of COSO or COBIT from ISACA or GTAG from IIA.
Most important compliance is
-IT Budget should be approved by BOD and identified key stakeholders
-Detailed Vendor Analysis and Selection criteria should be performed
Obtain updated regulations issed by regulatory authorities