IT Security Audit

Feature image

With the focus on providing assurance to organizations regarding controls on Information Systems (IS) assets coupled with review, advice and recommendations for increasing the performance of various IS functions and processes, our overall IS Audit offerings are well organized and structured thus giving maximum value-addition to the organizations:

  • Audit Subject – initial identification of audit areas like network infrastructures, database, processes and thus to be customized as per client requirements and scope
  • Audit Objective – identification of overall purpose of the IS audit (for instance objective can only be limited to efficient usage of systems)
  • Audit Scope – identification of specific systems, functions and unit/departments of the organization for which IS audit would be carried out
  • Pre-audit Planning – identification of technical skills, resources and data for the IS Audit coupled with planning for overall risk management
  • Audit procedures and steps for data gathering – Sorting out of overall approach for through which verification and test of controls (integral part of IS audit) would be carried out. Furthermore, a list of interviews/meetings with the client would be prepared. Other than that, departmental policies, standards, and guidelines for review would be collected from the client. Finally, any specific audit tools and methodology would be defined for testing and verification of controls
  • Procedures for evaluating the test or review results – Finalization of actual checklists and steps against which tests would be carried out at client (including evidence collection) and thus results would be reviewed on the basis of which audit findings would be produced. Subsequently, these procedures would be implemented as part of overall IS audit
  • Procedures for communication with client – Defining a basic communication structure for the correspondence with the client in terms of results and recommendations
  • Audit report preparation - Reviewing and analyzing the collected data and results of audit procedures, thus on the basis of which audit report would be drafted
    2020 Nescop all rights reserved.