What is an IT Audit?
An information technology audit, or information systems audit, is an examination of the management controls within your information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other forms of attestation engagement.
IT audits are also known as “automated data processing (ADP) audits” and “computer audits”. They were formerly called “electronic data processing (EDP) audits”.
An IT audit is different from a financial statement audit. While a financial audit’s purpose is to evaluate whether an organization is adhering to standard accounting practices, the purpose of an IT audit is to evaluate the system’s internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight.
Our Information Systems Auditors are on hand to carry out audits of specific areas of our clients’ information systems and IT infrastructure on demand. Our IT audit services are world class and provide our clients’ management with assurance on the effectiveness and adequacy of controls in their information systems, processes and operating environment. Some of our specialized audits are listed below.
- Information Security Management System (ISMS) Audit in line with ISO/IEC 27001 requirement.
- Value for Money & Special Audit.
- Design and Development of IT Audit Programs & checklists, audit procedure and report templates for the IT Audit/Information Systems Audit function.
- Physical Security Audit: Premises, equipment, physical & Logical access restrictions & environmental protection.
- Logical access control review: logical access controls, password policy, operating systems access controls, network and database access controls, authentication & authorizations, access log, incident and change management.
- Networks & Telecommunication Audit: Switches, Routers, IPS/IDS, Firewalls, Wireless access points & devices, Network layout designs and diagrams, Network segmentation and VLANs, Network Access Controls (TACACS+/ACS), incident monitoring and network log management & audit trails, VPNs, etc.
- Business Continuity Management & Disaster Recovery Audit: Business Continuity Management System, Data backups (Enterprise backup system), Contingency plans & business continuity resilience, virus countermeasures & anti-intrusion defenses, Disaster recovery planning, Disaster recovery (DR) site.
- IT Governance and Strategic Planning Audit: Information Systems Strategy, Governance structure for enterprise IT, IT Budgeting, IT Outsourcing Services (Service Level Agreement, Vendor pre-qualification, Contracting, etc), Job segregation, application development and software acquisition procedures, information system process guidelines and standards, Computer abuse and Incident management.
- IT infrastructure Security and ISMS Audit: Information Security Strategy & Goals, responsibility for information and IT infrastructure security, IT Security policies and procedures, Penetration testing and vulnerability scan, Use of security tools (such as ArcSight, Tripwire, Nessus, QualysGuard, Acunetix, etc.) for scanning, Information Security Standards & control framework (ISO 27001:2013, PCI-DSS version 3, COBIT 5.0, ISO 20000, ISO 22301), Information Security Incident management and reporting, Implementation of system security tools like ArcSight, Tripwire, Network access control (NAC), Nessus, McAfee ePO, Anti-skimming devices, Imperva, Entrust (2nd factor authentication token), Physical & Logical security.
- Applications Audit: Core application (ERP, Banking application, etc.), SWIFT, Business Process applications (Portals), HR and Payroll software, Call Centre applications, Instant payment application, Mobile Money platform, Frontend Processor (FEP), Card Management Systems Applications (Transware, Postilion Office, Post Card, Real-time), E-Channels applications & Systems, ATM/POS/Web merchant acquisition, Online Banking, Loan Processing platform, Operational Risk management application, Local & International money transfer, etc.
- Operating System Audit: UNIX (AIX/Solaris), Linux (Red Hat, Ubuntu), NetApp Storage Systems, Symantec NetBackup Infrastructure, Windows Servers (Active Directory/Domain controller, MS Exchange Server, ISA/Proxy, VMware, Servers), Windows workstations (PCs and PDAs).
- Database Audit: Oracle (8i, 9i, 10g, 11g), Microsoft SQL Server, MySQL, Sybase, Postgres.
- Revenue Assurance & Fraud Detection through the use of CAAT software (ACL Software) for monitoring of income lines: Commission on Turnover (COT), overdrawn accounts interest charge, interest expense/income and loan fees & commissions, loan repayments and interests, International Operation fees & commissions on FX transfers, integrity of transactions and financial statement.
- Data analysis using ACL Software.
- System development lifecycle review: application development project initiation, requirement definition, development, testing (UAT), deployment, maintenance, & monitoring.
Please contact us if you need additional information or require any of our IT audit services. Our tested team of experts is on hand to answer all your questions and serve you.