It is a systematic approach to determine whether the IT infrastructure in the company is within proper management controls. Its main objective is to provide platform in maintaining integrity, safeguard and operate effectively as per organization objectives. It can be done with combination with a financial audit, internal audit or any other form of assessment.
The operation of IT audit can carry out with automation tools which can be computer audits or electronic data processing audits.
Scope of IT audit:
The scope of IT audit can varies on the standard followed or requirements of the client. We, The Entrust solutions offer the board level of IT audits include following topics:
- Auditing Entity-Level Controls
- Auditing Data Centres and Disaster Recovery
- Auditing Routers, Switches and Firewalls
- Auditing Windows Operating Systems
- Auditing Unix and Linux Operating Systems
- Auditing Web Servers and Web Applications
- Auditing Databases
- Auditing Storage
- Auditing Virtualized Environments
- Auditing WLAN and Mobile Devices
- Auditing Applications
The main theme of IT audits is to assessment of Security Controls, Access Controls and IA Controls.
IT Audit Process
Entrust solutions follow The standard process of IT Audit:
IT Audit Standards
- Identify and Documentation of Controls
- Evaluate and validate Controls
- Solution Development
- Report drafting and issuance
- Follow-up Action
There are various standards and guidelines for IT Audit which helps in providing tools and techniques to carry out the IT Audit. The following are IT audit standards:
Our approach :
- Committee of Sponsoring Organizations (COSO)
- Control Objectives for Information and Related Technology (COBIT)
- IT Infrastructure Library (ITIL)
- ISO 27001
- National Security Agency (NSA) INFOSEC Assessment Methodology
- Follow-up Action
IT Audit benefits:
- Walk-through of each IT Audit process, identifying company objectives, carry out IT audit, assign control objectives and identify associate controls where applicable.
- Independently test each of the identified IT infrastructure elements and document the appropriate evidence and subsequent control testing.
- Evaluate the operating effectiveness of each control test results and the documentation.
- For all control failures we can assist with determining the required solution to address the outstanding inefficiencies and arrange the identified solution plans.
- To maintain security and integrity of confidential information
- To reduce IT security risks that organization may have
- To gain trust of customer by providing assurance of security measure used
- To evaluate IT infrastructure systems.
- To compliance the standard or regulatory of IT Audit