1. COMPANY PROFILE
  2. OFFERINGS
  3. TEAM
  4. EXPERIENCE
  5. SUCCESS STORIES
  6. MANAGEMENT
  7. CONTACT US
We are a private limited company established to offer services dealing with system audit and related areas.

Information Systems Audit

To identify the loopholes or lacunas in systems is an important activity. IS security audit typically covers security related to PC based systems, LAN, WAN applications, client server systems, internet security and security related to web applications, Mobile and Wireless computing. Typically, focus of an IS Audit is IT Systems Security and Controls. IT Governance constitutes an important aspect of IS Audit.
  1. IS Security Audit
    It include review of:
    Physical Access Control - Physical access controls are designed to protect the organization from unauthorized accesses. IS Auditor reviews these access controls with specific objective of protection of IT Assets.
    Environmental Security - Environmental exposures are primarily caused due to natural calamities and disasters. Such disasters can severely damage the organization´s IT services. An IS Auditor reviews action taken by the organization against environmental exposures.
    Logical Access controls - This concept relates to managing and controlling access to an organization´s information resources residing on host and network based computer systems.
    An IS Auditor analyses and evaluates logical access control´s effectiveness in accomplishing information security objectives.
    The checking includes accesses at -
    1. Application level
    2. Database level
    3. Operating System level
    4. Network level - port scanning, vulnerability scanning, penetration testing, remote access
    5. Firewall/IDS
    6. Audit trails/Audit logs
  2. IS Audit in ERP Environment
    ERP is a very effective business tool and has a far-reaching impact on business performance and control system. Considering the typical ERP issues an independent, thorough and extensive ERP audit is the need of the hour, in order to ensure integrity, confidentiality and availability of the crucial data.

    The management should get the “impact analysis” done to evaluate the benefits from ERP implementations. Since the very objective of IS Audit is to ensure that the IT implementations are working efficiently, and effectively, the IT assets are properly protected against the risk and the data generated is accurate, complete and available as and when required, it can be considered as an assured tool to throw light on the “level” of implementation like.
  3. Data Center Audit
    Nowadays, various organizations are using centralized system wherein which the data resides on one server to which various locations are connected. This makes the IT audit of data center very crucial from the point of view of availability, integrity and confidentiality of data.
  4. Vulnerability Assessment and Penetration Testing
    In a wide area network (WAN) connectivity environment, networks are exposed to various risks. Vulnerability Assessment exercise helps in identifying such weak links in your network. Penetration testing is testing of the security of your network remotely so that the unauthorized accesses are controlled.

Compliance Audits - Preparatory Support

To provide hand-holding to the clients for Sarbanes Oxley (SoX) requirements - documentation of risk control matrix and testing of controls. To provide guidance to organizations in preparation for ISMS (Information Security Management System) implementation. (ISO 27001)
  1. ISO 27001 Compliance Audit Preparatory Support
  2. Sarbanes Oxley (SoX) Compliance Audit Preparatory Support
  3. SAS70 Compliance Audit Preparatory Support
  4. Clause49 documentation support

Operations Audits

To validate whether the organization is effectively and efficiently utilizing the IT systems investment made. This is a very crucial activity from stakeholders´ point of view. Review of Management/Operations involves undertaking involved studies to confirm whether all the IT assets (hardware, software, human resources, data/information etc.) are being utilized optimally or not. This would also involve deep- level database audits for security and performance, network design review, hardware sizing, software feature utilization reviews, human resource deployment etc.
  1. Efficiency/Resource Utilization/Work Productivity
  2. Database Audit

Implementation Reviews

Even when systems are implemented per plan or processes are deployed per strategic vision, possibility of some aspects being overlooked or missed exists; especially when implementation cycles are long. Post-implementation reviews help to identify on weak links and propose workarounds for improvement - Often; organizations are challenged by initial problems after ERP implementations; such as weak or inadequate internal controls, incorrect business process mapping, duplication of work for users, mis-configured modules etc. Such third party reviews by experts give the correct diagnosis of the situation to the management along with the suggestions for improvement. Similarly many times security policies are designed but are not implemented well. Such review helps to find out the gaps in planning and implementations.
  1. Review of ITIL Best Practices
  2. Review of ERP Implementation
  3. Security Policy Implementation
  4. Controls Review
  5. Data Migration Audits

Consulting

The breath taking speed at which the Information Technology is growing it is neither possible nor desirable to have all the required skill sets internally. The trend in the industry is to outsource such services to specialists.

We provide assistance by deploying a team of consultants with necessary skills and experience and carry out root-cause analysis of the client´s business problem.

Our focus is to provide consulting in the areas of organizational risk assessment, IT policy design, IT product selection advice, IT applications integration, data migration, network design and security product implementation
  1. IT Risk Assessment
  2. Gap Analysis
  3. Documentation Guidance -
    For documentation of user requirements, testing plan and test cases, IT security policies, Process documentation etc.
  4. IT Integration -
    Many organizations use multiple IT applications, platforms which leads to duplication of efforts and integration issues. We provide consultancy for effective integration of IT systems.
  5. Data Migration Tools
  6. Product Selection Advice - software or hardware
  7. Network Design
  8. Security Policy Development & Guidance for Implementation

SUCCESS STORIES

  1. Pan – African Bank – Card Operations Audit
  2. Co-operative Bank – Post Implementation IS Audit
  3. Manufacturers of Sheet Metal Components & Assemblies
  4. Consulting partners with Zensar

DOWNLOADS

Download Brochure Download Company Profile(PDF - 113kb)