Our IT audit is based on the following frameworks and standards: Information Systems Audit and Control Association (ISACA), International Organization for Standardization (ISO) [iso.org], IT Assurance Framework (ITAF), Control Objectives for Information and Related Technologies (COBIT) [isaca.org], the Institute of Internal Auditors [theiia.org], and the National Institute of Standards and Technology (NIST).

Our IT Audit Scope includes:

• IT Governance
• Review of IT Strategy Planning.
• Review and assessment of the organizational structure of the IT Department with emphasis on segregation of duties.
• Review and evaluate IT Policies, Information Security Policies, and Procedures (Operational and Security).
• Review of Management process of Business Continuity and IT Disaster Recovery Planning.
• Change and/or Patch Management.
• Controls related to change authorization, testing, approval, and deployment of changes.
• Segregation of duties over change management process.
• Change monitoring process over applications, operating systems, databases, and networks.
• User Access Management
• Privilege ID Access Management.
• Access provisioning/deprovisioning and Modification.
• User Access Review.
• Password Controls on applications, operating systems, and databases.
• Security settings of corresponding databases of applications.
• Security settings of hosting operating systems of applications.
• Review of antivirus management.
• Physical and Environmental Controls in Data Center.
• Data Backup and Recovery Management.
• BCP Business Continuity Planning and DRP Disaster Recovery Planning.
• Problem and Incident Management.
• Review of Network Security Controls.
• Local Area Network and Wide Area Network.
• Configuration/Patch Management for systems and networks.
• Remote access procedure and related controls.
• Email security policy and associated controls.
• User Account Management for network and related infrastructure.