IT auditing, also known as ICT, computer, network or systems auditing, is a professional discipline involving several different techniques for independently reviewing computer and network systems, IT departments and a company's use of IT. Here are some examples of IT audit reviews typically performed by IsecT consultants:

• Governance controls within IT departments and development projects e.g. management structures, financial planning, management information and reporting, post-implementation reviews, IT strategy reviews including the relationship to other business strategies
• IT/network system security controls e.g. reviewing information security controls during the testing phase of systems development, or on operational systems and networks (technical, physical and/or procedural controls; preventive, detective and/or corrective controls)
• Post-incident reviews to discover the root cause/s of information security incidents
• IT disaster contingency planning including the IT elements of business continuity planning
• IT installation reviews, focusing on physical security, uninterruptible power supplies, air conditioning, fire/flood protection etc. for the computer suite
• Broad-based ISO/IEC 27002-based reviews, ranging from pre-certification ‘gap analysis’ to periodic assessment against a consistent standard (ask us about our special ISO/IEC 27002 benchmarking service)

Auditing necessarily involves us working independently of the function being audited, in order to be objective. However at IsecT, we prefer the more consultative modern style of internal auditing involving close interaction with the auditees during the fieldwork phase, rather than the traditional ‘tick-and-bash’ style of compliance auditing typical of old-fashioned external (primarily financial) auditors. Although auditors form opinions on historical and current facts, we are keen to ensure that our audits are, as far as possible, forward-looking with a view to making long-term value improvements in the organization.

For more information, read our IT Audit FAQ or contact us.

Copyright © 2008 IsecT Ltd.