IT audit

IT auditing, also known as ICT, computer, network or systems auditing, is a professional discipline involving several different techniques for independently reviewing computer and network systems, IT departments, IT-related security controls and an organization’s use of information.  Here are some examples of IT audit reviews typically performed by IsecT consultants:

  • Governance controls within IT departments and development projects e.g. management structures, financial planning, management information and reporting, post-implementation reviews, IT strategy reviews including the relationship to other business strategies and corporate functions
  • IT/network system security controls e.g. reviewing information security controls during the testing phase of systems development, or on operational systems and networks (technical, physical and/or procedural controls; preventive, detective and/or corrective controls)
  • Post-incident reviews to discover and address the root causes of information security incidents (the auditors’ independence and objectivity are crucial factors here)
  • Contingency planning including the IT elements of business continuity planning and disaster avoidance through resilience and other controls
  • IT installation reviews, focusing on physical security, uninterruptible power supplies, air conditioning, fire/flood protection etc. for the computer suite
  • Broad ISO/IEC 27002-based ISMS audits, ranging from pre-ISO/IEC 27001 certification ‘gap analysis’, to internal ISMS audits and periodic reassessments to internationally accepted standards (ask us also about our special ISO/IEC 27002 benchmarking service)

Classical auditing requires that auditors are independent of the function(s) being audited in order to be totally objective. However, to be honest, we prefer the more consultative modern style of internal auditing involving close interaction with the auditees during the fieldwork phase, rather than the traditional ‘tick-and-bash’ arm’s-length style of compliance auditing typical of old-fashioned external (primarily financial) auditors. Although auditors form opinions on historical and current facts, we are keen to ensure that our audits are, as far as possible, forward-looking with a view to making long-term value improvements in the organization.

For more information on this, read our IT Audit FAQ or contact us to find out what we can do for you.

Copyright © 2010 IsecT Ltd.