IT System Audits

We evaluate and report on controls over information and systems. Our efforts during the audit process and related services help us to identify and address issues and minimize exposure.

  • Security. Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
  • Availability. Information and systems are available for operation and use to meet the entity’s objectives.
  • Processing integrity. System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
  • Confidentiality. Information designated as confidential is protected to meet the entity’s objectives.
  • Privacy. Personal and business information is collected, used, retained, disclosed, and disposed to meet the entity’s objectives.

Our professionals expertly apply COSO standards to improve internal controls and risk management. They are experts in the application of the COBIT 5 framework. The Information Systems Audit and Control Association (ISACA) defines the COBIT 5 Framework as “the only business framework for the governance and management of enterprise IT. COBIT 5 incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems.

AUDIT & ASSURANCE

Manage vulneralbilities and ensure compliance

RISK MANAGEMENT

Evaluate and optimize enterprise risk.

INFORMATION SECURITY

Oversee and manage information security.

REGULATORY & COMPLIANCE

Keep ahead of rapidly changing regulations.

GOVERNANCE OF ENTERPRISE IT

Align IT goals and strategic business objectives.

Source: ISACA

Furthermore, our team members are experts on the Statement on Standards for Attestation Engagements (SSAE) No.16, Reporting on Controls at a Service Organization. We can competently produce SOC 1, 2 and 3 Reports on service providers. This is especially critical since collaboration to improve performance has become an integral part of doing business in the networked world, and many of the systems controls and risks may reside out of a company or agency.

Our team members also have the following skills, experience, and credentials:

  • Maintain and develop computerized audit software.
  • Evaluate and review a range of mainframe, PC, and distributed production and applications computer systems.
  • Gather data, compile information, and prepare reports.
  • Perform control reviews on systems development, operation, programming, control, and security procedures and standards.
  • Review system backup, disaster recovery, and maintenance procedures.
  • Communicate with and understand the requirements of professional staff in area of specialty.
  • Create, compose, and edit written materials.
  • Knowledge of software requirements for the auditing of computing systems and procedures.
  • Knowledge of computer systems’ development and programming.
  • Certified Information Systems Auditor (CISA) and Certified Internal Auditors with computer science experience.

https://cobitonline.isaca.org/about