Five-Year Rotating Audit Focus Based on Risk Assessment at Georgia Tech

Georgia Tech operates one of the most complex networks in the world. The institute has more than 30,000 machines accessing the backbone daily. Most legacy, state-of-the-market, and state-of-the-art architectures are present in some form on our campus network. The risk of compromise and loss of intellectual property is constantly a focus of the information systems audit function. The Department of Internal Auditing has been charged with reviewing each department and administrative area at the Georgia Institute of Technology within a five-year time frame. To accomplish this, the department divided Georgia Tech into approximately 134 auditable entities. Annually, the University System of Georgia Board of Regents conducts a risk assessment of all critical systems across the 34 institutions that comprise the USG. Each member university is asked to complete the assessment. This assessment is focused at an enterprise-level university system and, upon completion, points to those systems/areas that are due audit attention.