AUDITING & RISK ASSESSMENTS

Auditing the information technology function of an enterprise is a process designed to investigate how effectively the business implements information technology governance. IT governance is an increasingly important part of an enterprise because companies depend on their information infrastructure to function properly.

Network audits are aimed at determining the efficiency, performance and reliability of the IT infrastructure to reduce the costs associated with downtime and poor application performance.

Our services include:

  1. Information Security risk assessments and investigations which provides organizations detailed risk analysis reports showing the threats their information assets are exposed to.
  2. System and Enterprise Security architecture based on common frameworks e.g. TOGAF
  3. Design and implementation of governance and control frameworks that support the architecture. We also tailor common frameworks (e.g. ISO 27000, NIST, SANS) to meet individual customer requirements
  4. Implementation of Information Security related technologies, based on sound design principles, such as; Anti-malware solutions, Perimeter Security Solutions, Identity and Access Management Solutions, Telecommunication Security and Security Incident and Event Management solutions
  5. Expert consulting in information security
  6. Project management of all solutions crafted

The following questions, as a guideline, should be kept in mind with regards to the role of IT in the enterprise:

  • Is the Information Technology architecture aligned to our business goals?
  • Are the Information Technology resources used responsibly?
  • Are the Information Technology risks managed appropriately?

An audit of the processes, standards, procedures and information infrastructure in place will answer the above questions.

Information Technology is used to make the business:

  • Efficient by implementing automation
  • Effective by decreasing costs
  • Reduce risks by implementing effective counter-measures
An information technology audit will provide valuable information for the IT function and the business. The information gathered during the audit process is not only used to decrease the security risks inherent with using information technology, but can also be used to help business provide better information technology governance.

An auditor can provide the following services:

  • Evaluate controls over specific applications
  • Provide assurance over specific processes
  • Provide independent analysis
  • Penetration testing of specific applications or services
  • nformation technology auditing is just as important as financial auditing, tangible and intangible losses can be calculated with respect to damage to information infrastructure. Most businesses cannot survive without this infrastructure in place and running efficiently and securely and an information technology audit is the best way to ensure that this critical part of the business is properly managed.