IT Audit Consulting
Why struggle with hiring and retaining IT audit resources within your internal audit group? Outsourcing / Co-sourcing IT audit is a cost effective alternative!
The world of IT audit today requires breadth and depth of technology skills that are seldom found in one resource. Accordingly, many organizations rely on the diversity and depth of skills that only a firm like IRSL can bring to the table. Each resource possesses technological skills within various specialties such as infrastructure and security, ERP systems(SAP, oracle) , database management, UNIX, Windows, project management, application security, or business continuity.
Our projects are defined within small manageable engagements with short timelines designed for high impact and value-add. We can supplement your internal audit plan with IT audit projects that bring added value and positive exposure to your department. Furthermore, each project can be independently evaluated for the return on investment prior to commencement. Therefore, you only engage us for what you need.
We begin with a master services agreement that doesn’t obligate you to purchase any services but establishes us as your IT audit provider. Secondly, we prepare individual project statements of work or provide specific skills and resources for periods of time. Our typical IT audit projects include:
IT Audit Services
· IT Audit for regulatory Compliance
· ERP Quality Assurance
· IT Governance Reviews
· IT Security Assessments
IT Audit Methodology & Approach
IRSL’s IT audit methodology is based on our vast industry experience and addresses IT risk exposures across a variety of organizations.
- General IT Controls – Since information technology permeates all aspects of an entity’s business, we can assess and recommend controls within each IT process related to change management, security, and IT operations.
- Application Controls – We can determine which system configuration and account mapping controls have been designed based on appropriate business criteria, to secure data against inappropriate processing (by enforcing validity, completeness, and accuracy) and help ensure data integrity.
- User Access and Security – In addition to the risk of unauthorized access to data, there may be a risk of theft of sensitive or confidential intellectual property. We can determine if duties are adequately segregated and an overall security posture is maintained.
We follow practices suggested by the Information Systems Audit and Control Association (ISACA). Specifically, we will utilize CobiT (Control Objectives for IT) which is a risk-based, process-focused methodology that is used to establish a thorough understanding of the organization’s audit objectives, the risks that threaten those objectives, and the relationships between those risks and the organization’s controls.
Our approach includes the following:
- Walk-through of each IT process, identify business and/or financial reporting risks, assess risk levels, assign control objectives and identify corresponding controls where applicable.
- Independently test each of the identified IT process areas and collect the appropriate evidence supporting the testing activities and subsequent control evaluation.
- Assess the operating effectiveness of each key control activity based on the test results and the supporting documentation.
- For all control or process failures we can assist with determining the required remediation activities to address the outstanding deficiencies and prioritize the identified remediation plans.
Our IT Audit Professional Resources
Our IT audit professionals have serviced a broad range of corporate, government and non-for-profit entities and are lead by Directors and Managers who are Certified Information Systems Auditors (CISA). Other related certifications held by our IT audit professionals include:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Payment Card Industry Qualified Security Assessor (PCI-QSA)
Certified Internal Auditor (CIA)