Internal Audit

IT Audit

Our IT audit is based on the following frameworks and standards: Information Systems Audit and Control Association (ISACA), International Organization for Standardization (ISO), IT Assurance Framework (ITAF), Control Objectives for Information and Related Technologies (COBIT), the Institute of Internal Auditors, and the National Institute of Standards and Technology (NIST).

Our IT Audit Scope includes:

  • IT Governance
  • Review of IT Strategy Planning.
  • Review and assessment of the organizational structure of the IT Department with emphasis on segregation of duties.
  • Review and evaluate IT Policies, Information Security Policies, and Procedures (Operational and Security).
  • Review of the management process for Business Continuity and IT Disaster Recovery Planning.
  • Change and/or Patch Management.
  • Controls related to change authorization, testing, approval, and deployment of changes.
  • Segregation of duties over the change management process.
  • Change monitoring process over applications, operating systems, databases, and networks.
  • User Access Management
  • Privileged ID Access Management.
  • Access provisioning, deprovisioning, and modification.
  • User Access Review.
  • Password Controls on applications, operating systems, and databases.
  • Security settings of the databases underlying applications.
  • Security settings of the operating systems hosting applications.
  • Review of antivirus management.
  • Physical and Environmental Controls in the Data Center.
  • Data Backup and Recovery Management.
  • Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
  • Problem and Incident Management.
  • Review of Network Security Controls.
  • Local Area Network and Wide Area Network.
  • Configuration/Patch Management for systems and networks.
  • Remote access procedures and related controls.
  • Email security policy and associated controls.
  • User Account Management for network and related infrastructure.
