Conducting auditing and monitoring activities

The auditing of security relevant events and the monitoring and tracking of system abnormalities are key elements in the after-the-fact detection of, and recovery from, security breaches. CPO shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Internal audit functions as they address issues within their health-care organizations, and develop guidance and reference materials on key aspects of health care auditing and monitoring processes.

Source :
http://www.ifac.org/system/files/downloads/a017-2010-iaasb-handbook-isa-315.pdf