Information System Auditing
- Special Information System Auditing
- Information System Audit for Internal and Compliance Auditing
- Information Systems Risk and Compliance Audit
- Value for Money auditing for Information Systems Performance
Special Information System Auditing
Auditec understands that in an environment where customers and clients are increasingly affected by a business' IT systems, extra assurance is required to satisfy stakeholder expectations. We apply standards to ensure to conduct in-depth analysis of control activities. This involves evaluation of controls in transaction processing as well as IT and related processes.
Auditec conducts auditing of organization's information systems based on Terms of Reference of the client. This covers information technology governance, policies, operations, infrastructure and applications depending on client’s needs. This is done through planning, gathering evidences, analysis and report writing.
Auditec applies Information Systems Standards and tools to determine whether organization’s information system safeguards assets, maintains data integrity, allowing organizational goals to be achieved effectively and uses resources efficiently and effectively. Our reviews include the review of Information Technology governance, Operations, Environment, Security, Access Controls, Assessment of Vulnerability and penetration testing of networks.
We audit System Development Life Cycle and testing the performance. We verify that the systems under development meet the goals of the organization and to assure that the systems are developed according to generally accepted standards for systems development in all stages from requirement to handling to the usage.
We also check features and application capabilities for establishing the lawfulness in the applicant’s logical access controls. We reviewing operational adequacy of the application package.
Information System Auditing for Internal and Compliance Auditing
We offer Information Systems Auditing for Internal Audit function. Auditec provides these services annually either as an outsourced function for internal auditing or as special professional input to internal audit function.
Auditec conducts information systems auditing and risk evaluation through internal audit function. This is has been one of the effective approaches in giving assurance to internal auditing as well as ensuring Information Technology governance is maintained.
We examine Information System controls as well as business and financial controls that involve information technology systems. This is examination of management controls within Information systems projects, operations, application or infrastructure based on client’s needs. This service ultimately ensures compliance of information systems to regulations and enhances effectiveness of Internal Audit functions.
Information Systems Risk and Compliance Audit
Auditec identifies and evaluates risks and their potential effects to its clients. This is done through systematic consideration of business harm likely to result from a security failure, taking into account potential consequences of a loss of confidentiality, integrity and availability of information assets. It is also the evaluations of prevailing threats and vulnerabilities and the controls currently implemented by the organizations.
Auditec conducts this through risk assessment so as to develop an overall IS Audit Plan and determine priorities for the effective allocation of IS audit resources. We then conduct risk assessment to develop an overall IS Audit Plan.
We also develop suitable annual risk assessments to businesses by considering Criticality of the applications/systems, Types of System criticality of business operation, Number of users of the systems, Number of interfaces to the system, Mode of connection to the network (intranet, extranet or web based/public domain), Number of years the system has been operational, Volume of data in the system, System implementation method, as well as Stakeholders interest, Prior Year Audit.
This type of audit aim at ensuring business continuity is maintained.
Value for Money auditing for Information Systems Performance
We conduct this type of audit to determine whether systems and applications are appropriate to the entity's requirements, are efficient, effective and adequately controlled to ensure valid, reliable, well timed, and secured input, processing and output. This is done to management, projects or operations in safeguarding organization’s assets and achieving goals of organization.
In Value for Money auditing, we also audit Information Processing Facilities for ensuring the timely, accurately and effective processing of the applications under any condition whether normal or disruptive. We check value of Information Systems to an organization as well as information systems performance.
We check efficiency, effectiveness and economic value of information technology investments. We conduct investment appraisal and performance monitoring. This ensures clear understanding of the benefits that IT brings to an organization. We also evaluate whether Information technology is aligned with business processes, including consistency, reliability and quality of Information Technology assets and other resources.
We evaluate information systems to ensure that business delivers value and that the possible risks are managed using technology. We also check whether Information System governance structure is aligned with corporate governance framework.