IT Internal Audit

The risks arising from the use of IT can affect all organisations at a strategic, tactical and operational level. It is essential that the audit function identifies and understands these risks in order to develop effective plans for the ongoing assessment of the control framework. Our risk assessment methodology enables us to obtain a detailed understanding of the IT risks facing the organization, and will enable the development of effective IT audit plans.

IT is a major investment for business today and it is important that your organization is getting value for money from your IT. Our approach allows you to access the performance of IT in selected areas or across the whole organization, and helps to realise the appropriate balance between business needs and IT resources.

With the emphasis on the Sarbanes-Oxley Act (SOX) regarding the responsibility of management to design and maintain appropriate internal controls over financial reporting, the importance of rigorous IT controls has taken on renewed urgency for public companies.

IT Controls engagements employ a structured approach to assessing, designing, and implementing the process and controls associated with new or existing business software applications. Our flexible methodology and tools enable us to assess risk and controls within business processes.

An ITSM concept based on an IT management approach focused on business user needs makes it possible to:

• Improve IT cost transparency and effectiveness
• Ensure the availability of business-critical IT services
• Establish generally accepted IT governance standards

Key ITSM documents:

• ITIL (Information Technology Infrastructure Library) – based on ITSM best practices
• CobiT (Control Objectives for Information and Related Technologies) – the IT management methodology of the Association of ISACA.