With the focus on providing assurance to organizations regarding controls on Information
Systems (IS) assets coupled with review, advice and recommendations for increasing
the performance of various IS functions and processes, our overall IS Audit offerings
are well organized and structured thus giving maximum value-addition to the organizations:
- Audit Subject – initial identification of audit areas like network infrastructures,
database, processes and thus to be customized as per client requirements and scope
- Audit Objective – identification of overall purpose of the IS audit (for instance
objective can only be limited to efficient usage of systems)
- Audit Scope – identification of specific systems, functions and unit/departments
of the organization for which IS audit would be carried out
- Pre-audit Planning – identification of technical skills, resources and data for
the IS Audit coupled with planning for overall risk management
- Audit procedures and steps for data gathering – Sorting out of overall approach
for through which verification and test of controls (integral part of IS audit)
would be carried out. Furthermore, a list of interviews/meetings with the client
would be prepared. Other than that, departmental policies, standards, and guidelines
for review would be collected from the client. Finally, any specific audit tools
and methodology would be defined for testing and verification of controls
- Procedures for evaluating the test or review results – Finalization of actual checklists
and steps against which tests would be carried out at client (including evidence
collection) and thus results would be reviewed on the basis of which audit findings
would be produced. Subsequently, these procedures would be implemented as part of
overall IS audit
- Procedures for communication with client – Defining a basic communication structure
for the correspondence with the client in terms of results and recommendations
- Audit report preparation - Reviewing and analyzing the collected data and results
of audit procedures, thus on the basis of which audit report would be drafted