ISACA October 2012 SharePoint Governance, Auditing, and Infrastructure Talk


On October 9, 2012, I delivered a presentation on Risk and Controls related to SharePoint at the Toronto Chapter of ISACA in Kitchener. ISACA was incorporated by individuals who recognized a need for a centralized source of information and guidance in the growing field of auditing controls for computer systems. Today, ISACA's Membership - more than 100,000 strong worldwide - is characterized by its diversity. Members live and work in more than 140 countries and cover a variety of professional IT-related positions

The Toronto Chapter offers regular social and educational events throughout the training year to allow members to network and learn in an informal environment.

This session explored SharePoint Governance, auditing support and infrastructure.

Session Summary: Taming a Giant - Risks and Controls

Microsoft SharePoint is one of the fastest growing software tools, being adopted by many organizations due to its ability to deliver:

  • Out of the box capabilities – document management, workflow, calendaring, and simple project management to name a few;
  • The seamless integration to Microsoft Office;
  • Ease of use; and,
  • Ability to create multiple sites by department users

This session will look at Microsoft SharePoint by exploring the risks and controls that should be in place to help ensure that a SharePoint environment lives up to the capabilities of the software

  • SharePoint background and overview
  • SharePoint Governance – What it is and why it is important
    • Roles and responsibilities
    • Back and front end rules versus guiding principles and best practices
    • Communication and training
  • SharePoint auditing support
    • Document management and versions
    • Records management and retention
  • SharePoint Infrastructure
    • Performance and availability
    • Backup and disaster recovery

You can view the presentation at

Latest Articles