Provide a gap analysis of the operating effectiveness of internal controls
IT Auditing involves providing independent evaluations of an organization’s policies, procedures, standards, measures, and practices for safeguarding electronic information from loss, damage, unintended disclosure, or denial of availability. An IT audit provides management with an assessment of whether sufficient controls exist to mitigate an organization’s risk.
The purpose of an IT systems audit is to evaluate whether information systems fulfill the following aims:
- Safeguard assets
- Maintain data integrity
- Achieve organizational objectives effectively
- Consume resources efficiently
Two important concepts in the IT audit process are risk (business risk) and control (internal control).
Business Risk – “any event or action that stops an organization from achieving its goals or business objectives.” (Gallegos et al. 386).
Internal Control – defined as “a process, effected by an entity’s board of trustees, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.”
Why DewCIS?
We provide experienced consultants who have expertise gained from years of experience in IT Audit services. During the IS audit process our consultants will be expected to know what your business expects from information systems, what the best IT practices are, and whether the information systems of an organization realize these expectations and best practices. Since all businesses are now heavily dependent on information systems, management wants assurance from independent experts.
An Application Assessment is a specific audit of one or more applications. This process can be done as the system is developed, at post-implementation, or on a regularly scheduled basis (annually, every 5 years, etc.). Whichever stage of audit review is being carried out, the DewCIS IS Auditor is looking for assurance that the application provides an adequate degree of control over the data being processed. The level of control expected for a particular application depends on the degree of risk involved in the incorrect or unauthorized processing of that data.
An Application Assessment should, at a minimum, determine the existence of controls in the following areas:
- Inputs, Processing, Outputs
- Logical Security
- Disaster Recovery Plan
- Change Management
- User Support
- Third Party Services
IT Infrastructure Assessment
Today more than ever, many organizations are challenged to implement a reliable, efficient IT Infrastructure. An accurate picture of your Information Systems capability will give you the information you need to design an effective IT strategy and facilitate the rapid realization of your ideal IT situation. It would involve the following steps:
- An assessment and evaluation of the current IT infrastructure environment and its related application production and development support systems as well as data storage, disaster recovery capabilities and process maturity.
- A review of people, process, hardware technology and data center facilities to provide an overall view of the IT infrastructure and its capabilities.
- A gap analysis comparing current IT infrastructure solutions to best practices and recommendations for improvement.
Threats and Vulnerability Assessment
A Threats and Vulnerability Assessment exercise goes beyond a typical single-tool automated scan. DewCIS security experts provide cross validation and hand validation of vulnerabilities, then take the process of threat and vulnerability assessment one step further by identifying the root cause behind system vulnerabilities on the internal critical systems (when possible). Without identifying the root cause, vulnerabilities will often reappear. By identifying the root cause, mitigating steps can be taken to address the vulnerability, as well as numerous other potential vulnerabilities.
IT Risk Assessment
IT Risk Assessment provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the behavior and initiative at the top, to operational issues.
Our IT risk assessment methodology identifies and classifies the inherent risks that an organization faces and includes several steps, namely:
- Identifying and obtaining a high-level understanding of the key business applications in use at a client.
- Establishing the main platforms on which existing applications reside and identifying the key interfaces between them.
- Identifying, at a high level, outstanding user needs, demands, and problems regarding existing applications, applications under development, and proposed applications.
- Recommending controls and procedures to be instituted to effectively manage identified risks.
Regulatory Compliance Review
The IT Regulatory Compliance Services provide for the periodic review, monitoring, and determination of IT compliance with the stipulated IT Policy and Procedures of the organization and relevant governing laws. The services also provide consultation and staff training in those areas in which IT Compliance may not be considered satisfactory. Following each IT Regulatory Compliance review, a detailed report is provided covering the scope of the review and the specific findings and recommendations resulting from the review procedures performed.