UnixTime

Research Note

A.7.9 Audit Checklist

Use this checklist during an internal audit of assets taken, used, stored, or accessed outside organization premises.

On this page

When to use this

Use this checklist during an internal audit of assets taken, used, stored, or accessed outside organization premises.

Audit checklist

  • Confirm off-premises asset risk is assessed.
  • Confirm asset removal requires authorization.
  • Review off-site asset register.
  • Sample asset removal and return records.
  • Check long-term loan attestations.
  • Check mobile device encryption/management evidence.
  • Check BYOD controls where applicable.
  • Check leaver asset return and secure erase records.
  • Check cross-border/jurisdiction risk where relevant.
  • Check risk acceptance where off-site protection is weaker.

Findings table

Asset/use case Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD