There is an increasing demand for specialist IT audit and IT risk management skills to address the changing requirements and demands of today's business enterprises and the increased risk awareness of board members and executive management.
RSM provides specialists skilled in the disciplines of IT governance, IT risk advisory, information security and IT audit, with a view to meeting these demands. We provide services and advice in support of external auditors and in the roles of internal audit, IT risk advisors and as independent consultants to executive management, IT management and business unit managers.
We service organisations in the government and private sectors and operate across all technology platforms and software environments. Our IT risk and audit practitioners understand the risks which may jeopardise the availability, integrity and performance of your business systems and data. Our aim is to provide independent and objective services to identify and measure risk and the effectiveness of your processes and controls and then to assist you in formulating practical remedial measures to mitigate that risk.
IT audit focus areas
- assessing effectiveness of processes/controls in the IT environment/infrastructure
- assessing the effectiveness of processes/controls addressing specific business systems
- assessments focused on specific risks
- assessments of third party organisations (performance against contract, SAS70 reviews)
- audits and pre-certification reviews for a range of standards applicable to today's IT environments (eg ITIL, COBIT, PCI, ISO/IEC 31000, ISO/IEC 20000, ISO/ IEC 27001)
- information management and data security
- vulnerability assessments (WAN, LAN, internal and external threats)
- IT governance (business reliance on IT, performance, accountability, return on investment, effectiveness in servicing the business requirements)
- IT project governance (involvement in projects for the purposes of assessing project governance and ensuring compliance with methodology)
- pre- and post-implementation reviews
- benefits realisation reviews and assessment of return on investment
- maturity assessments and modeling
- design and execution of computer assisted audit techniques (CAAT) and data analysis to support
- investigations, evidence gathering, audits and other reviews requiring high volume, objective data analysis
- business impact assessments, recovery strategy selection, assistance with the development
- and implementation of disaster recovery plans and business continuity plans
- assisting in the establishment and implementation of organisation-wide specific IT control frameworks such as COBIT (the international Information Systems Association of Certified Auditors product) and ITIL