Information technology audit (IT Audit)
With rapid changes in technology across a multitude of industries, organisations continue to face the difficulty of knowing which fundamental information technology (IT) controls should be in place to protect their business data and IT systems.
An information technology audit from RSM is an effective and affordable point-in-time assessment of the organisation’s internal IT control and IT risk management practices.
RSM can conduct these reviews with the intent of identifying any control gaps against known information technology and information security better practices, which may lead to the compromise of organisational data, or a disruption of services.
In today's information-driven business environment, organisations must continually evaluate their ability to protect information assets.
An IT Audit is suitable for any organisation that wishes to risk assess its current information assets against known information technology and information security better practices and determine what data integrity, client and server changes, as well as control and procedural changes, it can implement to make its technology infrastructure more secure.
An effective IT audit can help organisations not only improve internal controls and security but also achieve their IT systems and applications goals and objectives.
Who needs this?
RSM provides specialists skilled in the disciplines of IT governance, technology risk advisory, information security and IT audit. They offer services and advice in support of external auditors, internal audit and IT risk advisors, and act as independent consultants to executive management, IT management and business unit managers.
Overview of information technology audit services
The IT internal audit seeks to evaluate the organisation and provide our clients with a sound understanding of how they are meeting better practices in the following key areas of focus:
- Assessing the effectiveness of processes/controls addressing specific business systems development
- Assessments focused on specific risks
- Assessments of third party organisations (performance against contract, ASAE 3402, CPS 234)
- Audits and pre-certification reviews for a range of standards applicable to today's IT environments (ITIL, COBIT, PCI DSS, ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017, ISO/IEC 27018)
- Information management and data security
- Vulnerability assessments (WAN, LAN, internal and external threats)
- Identity and access management, privileged access allocation and the monitoring of account activity
- IT governance (business reliance on IT, performance, accountability, return on investment, effectiveness in servicing the business requirements)
- IT project governance (involvement in projects for the purposes of assessing project governance and ensuring compliance with methodology)
- Pre- and post-implementation reviews
- Benefits realisation reviews and assessment of return on investment
- Maturity assessments and modeling
- Design and execution of computer-assisted audit techniques (CAAT) and data analysis to support investigations, evidence gathering, audits and other reviews requiring high volume, objective data analysis
- Business impact assessments, recovery strategy selection, assistance with the development and implementation of disaster recovery plans and business continuity plans
- Assisting in the establishment and implementation of organisation-wide specific IT control frameworks such as COBIT (the international Information Systems Association of Certified Auditors product) and ITIL
- IT general controls assessments on IT security policies and security management procedures, logical access, change and release management, IT physical and environmental security, incident and problem management, and disruptive conditions to disaster recovery and backups.