As from 1991 audits regarding the mainframe environment are performed. The audits can be divided in:
Regarding the entire technical settings (network related excluded) but including security, database management systems, job scheduling, systems managed storage, and about 200 other subsystems. Also implementation of separation of environments including hand over procedures and hand over systems of system software (including SMP/E audit), application software and related emergency procedures. Audit of the technical and organisational implementation of backup and disaster recovery procedures.
Audits of the different departments needed for the proper and secure running os a s/OS envirment, including segration of duties. Procedures as used by the different department as well as a proper cooperation between the different departments.
Audit of General IT controls
General IT controls are the controls related to the procedures as implemented for proper cooperation between de different departments necessary for running large computer centre. These audits include a.o: problem, change management, security management and implementation, configuration management.
Technical application details in relation with z/OS are performed. Most of the time this are audits, or part of an audit as performed by an application auditor, which require in depth technical knowledge of DB2, IMS and/or CICS. But also knowledge of RACF and job scheduling systems.
Automated systems audits
These audits are related tot the automation of for instance console operations. As most of the time they used tools like Sysview or Omegamon. As these are powerful tools proper implementation is of the utmost importance as they can weaken the entire security, but also continuity of the mainframe environment