IT Audit

Many organizations are spending large amounts of money on IT because they recognize the tremendous benefits that IT can bring to their operations and services. However, they need to ensure that their IT systems are reliable, secure and not vulnerable to system attacks.

As the records, services and operations of many organizations are often highly computerized, there is a need to evaluate the IT controls in the course of an audit of these organizations.

Estimating Price For Your Needs

Evaluating the reliability of data from IT systems which have an impact on the financial statements of the organization.

Ascertaining the level of compliance with the applicable laws, policies and standards in relation to IT.

Checking if there are instances of excess, extravagance, gross inefficiency tantamount to waste in the use and management of IT systems.

It helps to reduce risks of data tampering, data loss or leakage, service disruption, and poor management of IT systems

List of activities that we do

  • Assessing effectiveness of processes/controls in the IT environment/infrastructure
  • Assessing the effectiveness of processes/controls addressing specific business systems
  • Assessments focused on specific risks
  • Assessments of third party organisations (performance against contract, SAS70 reviews)
  • Audits and pre-certification reviews for a range of standards applicable to today's IT environments (eg ITIL, COBIT, PCI, ISO/IEC 31000, ISO/IEC 20000, ISO/ IEC 27001)
  • Information management and data security
  • Vulnerability assessments (WAN, LAN, internal and external threats)
  • IT governance (business reliance on IT, performance, accountability, return on investment, effectiveness in servicing the business requirements)
  • IT project governance (involvement in projects for the purposes of assessing project governance and ensuring compliance with methodology)
  • Pre- and post-implementation reviews
  • Benefits realisation reviews and assessment of return on investment
  • Maturity assessments and modeling
  • Design and execution of computer assisted audit techniques (CAAT) and data analysis to support
  • Investigations, evidence gathering, audits and other reviews requiring high volume, objective data analysis
  • Business impact assessments, recovery strategy selection, assistance with the development and implementation of disaster recovery plans and business continuity plans
  • Assisting in the establishment and implementation of organisation-wide specific IT control frameworks such as COBIT (the international Information Systems Association of Certified Auditors product) and ITIL