Audit

Description

Auditing is a powerful tool for IT governance. Based on hard facts, audit reports provide the management with an objective snpashot of the organization’s current situation, risk profile or over a defined issue.

IT audits shall be constructive for all stakeholders – management and auditees – in order to determine the right measures to improve the organization, optimize its risk profile and ensure compliance to regulations. It should also enable the auditees to communicate their perception of the situation and to report problems, opportunities and corrective measures needed without going through the traditional hierarchical reporting channels.

Domains

Support to the Internal Audit Department

Definition and implementation of an internal audit process according to IIA / ISAI best practices
Elaboration of an internal audit strategy integrating:
- New and upcoming technology-related topics that will have to be audited
- Continuous improvement of internal audit processes, tools and staff
Integration of internal audit with the major processes of the company:
- Risk Management: ERM & ORM
- Information security and positioning of internal audit
- Portfolio management of services and projects
Development of IT controls and IT control self-assessment questionnaires

Customized general computer audits

Business Processes and underlying IT services
- End-to-end Billing systems
- Order-to-cash and value chain
- Supply chain management
- Accounts Receivable and Accounts Payable
- CRM and customer relationship management, contracts and products
Audit of IT costs (organizations, projects and services)
- Evaluation of IT costs
- Identification of action points for cost-based IT strategy management
Audit of strategic IT projects and project management methods
Audit of Business Process Continuity (ISO 22’301) and IT Services
Information Security and cybersecurity audits (ISO 27’001, NIST)
GDPR DPIA (Data Protection Impact Assessment)