Information Management System Internal Audit Checklist
Complete this checklist to assess the effectiveness and compliance of your information management system. Provide accurate details and ratings for each section.
Audit Scope
*
Information System Name and Description
*
Audit Period
*
Auditor Name
*
Department or Process Reviewed
*
Please Select
IT Operations
Records Management
Security
Compliance
Data Governance
Other
System Components in Scope
*
Servers
Databases
Applications
Network Devices
Cloud Services
Endpoints
Other
Access Control Review
*
Rows
Compliant
Partially Compliant
Non-Compliant
Not Applicable
User access reviewed
1
2
3
4
Role-based access enforced
5
6
7
8
Inactive accounts disabled
9
10
11
12
Privileged access monitored
13
14
15
16
Data Classification and Handling
*
Rows
Compliant
Partially Compliant
Non-Compliant
Not Applicable
Data classified by sensitivity
17
18
19
20
Confidential data handled securely
21
22
23
24
Data handling procedures documented
25
26
27
28
Record Retention
*
Retention policies are defined and enforced
Policies defined but not fully enforced
No retention policies in place
Backup and Recovery Verification
*
Rows
Yes
Partially
No
Not Applicable
Backups are performed regularly
29
30
31
32
Backup restoration tested
33
34
35
36
Backup data stored securely
37
38
39
40
Incident and Change Management
*
Rows
Compliant
Partially Compliant
Non-Compliant
Not Applicable
Incidents are logged and tracked
41
42
43
44
Change requests are documented
45
46
47
48
Approvals obtained for changes
49
50
51
52
Training and Awareness
*
Comprehensive training provided
Limited training provided
No training provided
Compliance Gaps Identified
Overall System Rating
*
1
2
3
4
5
Corrective Actions Required
Target Completion Date for Corrective Actions
 -
Month
 -
Day
Year
Date
Reviewer Notes and Recommendations
Submit Checklist
Should be Empty: