Information Systems Audit
Identifying loopholes or lacunas in systems is an important activity. An IS security audit typically covers security related to PC-based systems, LAN, WAN applications, client-server systems, internet security, and security related to web applications, mobile and wireless computing. Typically, the focus of an IS Audit is IT systems security and controls. IT governance constitutes an important aspect of IS Audit.
IS Security Audit
It includes a review of:
Physical Access Control - Physical access controls are designed to protect the organization from unauthorized access. The IS Auditor reviews these access controls with the specific objective of protecting IT assets.
Environmental Security - Environmental exposures are caused primarily by natural calamities and disasters. Such disasters can severely damage the organization's IT services. An IS Auditor reviews the action taken by the organization against environmental exposures.
Logical Access Controls - This concept relates to managing and controlling access to an organization's information resources residing on host and network-based computer systems.
An IS Auditor analyses and evaluates the effectiveness of logical access controls in accomplishing information security objectives.
The checks cover access at the following levels:
- Application level
- Database level
- Operating System level
- Network level - port scanning, vulnerability scanning, penetration testing, remote access
- Firewall/IDS
- Audit trails/Audit logs
IS Audit in ERP Environment
ERP is a very effective business tool and has a far-reaching impact on business performance and control systems. Considering the typical ERP issues, an independent, thorough and extensive ERP audit is the need of the hour in order to ensure the integrity, confidentiality and availability of crucial data.
Management should have an “impact analysis” done to evaluate the benefits of ERP implementations. Since the very objective of IS Audit is to ensure that the IT implementations are working efficiently and effectively, that the IT assets are properly protected against risk, and that the data generated is accurate, complete and available as and when required, it can be considered as an assured tool to throw light on the “level” of implementation like.
Data Center Audit
Nowadays, various organizations use a centralized system in which the data resides on one server to which various locations are connected. This makes the IT audit of the data center crucial from the point of view of availability, integrity and confidentiality of data.
Vulnerability Assessment and Penetration Testing
In a wide area network (WAN) connectivity environment, networks are exposed to various risks. A Vulnerability Assessment exercise helps in identifying such weak links in your network. Penetration testing tests the security of your network remotely so that unauthorized access is controlled.
Operations Audits
Operations audits validate whether the organization is effectively and efficiently utilizing the IT systems investment it has made. This is a very crucial activity from the stakeholders' point of view. Review of Management/Operations involves undertaking in-depth studies to confirm whether all the IT assets (hardware, software, human resources, data/information, etc.) are being utilized optimally. This also involves deep-level database audits for security and performance, network design review, hardware sizing, software feature utilization reviews, human resource deployment, etc.
Efficiency/Resource Utilization/Work Productivity
Database Audit
Implementation Reviews
Even when systems are implemented per plan or processes are deployed per strategic vision, the possibility of some aspects being overlooked or missed exists, especially when implementation cycles are long. Post-implementation reviews help to identify weak links and propose workarounds for improvement. Often, organizations are challenged by initial problems after ERP implementations, such as weak or inadequate internal controls, incorrect business process mapping, duplication of work for users, misconfigured modules, etc. Such third-party reviews by experts give management the correct diagnosis of the situation along with suggestions for improvement. Similarly, security policies are often designed but not implemented well. Such a review helps to find the gaps in planning and implementation.
Review of ITIL Best Practices
Review of ERP Implementation
Security Policy Implementation
Controls Review
Data Migration Audits
Consulting
Given the breathtaking speed at which Information Technology is growing, it is neither possible nor desirable to have all the required skill sets internally. The trend in the industry is to outsource such services to specialists.
We provide assistance by deploying a team of consultants with the necessary skills and experience and carrying out root-cause analysis of the client's business problem.
Our focus is to provide consulting in the areas of organizational risk assessment, IT policy design, IT product selection advice, IT applications integration, data migration, network design and security product implementation.
IT Risk Assessment
Gap Analysis
Documentation Guidance -
For documentation of user requirements, testing plans and test cases, IT security policies, process documentation, etc.
IT Integration -
Many organizations use multiple IT applications and platforms, which leads to duplication of effort and integration issues. We provide consultancy for effective integration of IT systems.
Data Migration Tools
Product Selection Advice - software or hardware
Network Design
Security Policy Development & Guidance for Implementation