IT and Information Security Audit

We Perform Specialist IT and Security Audits

Technology offers tremendous opportunities for any business and remains a critical success factor in today’s competitive environment.

With growing reliance on technology and the advent of advanced technologies such as robotics, machine learning, advanced analytics and cloud services, the traditional technology environment has become more complex and attracts increased regulatory scrutiny.

It is essential for the Board of Directors and Senior Management to ensure that robust arrangements for governance, risk management and control processes are in place within the IT and data security space to manage associated business risks and security threats.

At Global Forum, we offer a wide range of fully managed (outsourcing) and partnership (co-sourcing) options for IT internal and external audits.

IT and Security Audit Services

Our specialist audit team can provide professional and independent assurance on whether your organisation's risk management, governance and internal control processes are adequately designed and operating effectively.

Our audit methodology is based on the guidance from The Chartered Institute of Internal Auditors (IIA) and best practice control frameworks such as COSO [Committee of Sponsoring Organizations of the Treadway Commission], COBIT® [Control Objectives for Information and Related Technology], ISO/IEC 17799 and ITIL [Information Technology Infrastructure Library].

The audit work is conducted by subject matter experts in IT audit who are certified members of globally recognised organisations such as ISACA and (ISC)².

Our experts have leading-edge technology risk assurance skills and decades of internal and external audit experience, and are supported by leading-edge tools, including data analytics techniques, which enable them to provide high levels of assurance and risk management insight across the technology environment.

Our services include the development of a risk-based audit plan, audit needs assessment and the execution of a wide range of IT and information security audits. Please reach out for a free, no-obligation initial consultation, and to discuss all your IT and security assurance requirements.

We have performed high quality technology and information security assurance engagements in the following areas:

Strategic and Governance Review

  • Management of IT strategy and alignment with the business requirements
  • IT governance framework and risk management processes
  • Data governance and management processes

Regulatory and Compliance Review

  • Data privacy laws and regulations, including the EU’s General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018
  • ISO/IEC 27001 standard for information security management
  • Payment Card Industry Data Security Standard (PCI DSS) for businesses dealing with customers' financial information
  • Sarbanes-Oxley Act of 2002 (SOX) control compliance for US listed companies
  • CBEST Threat Intelligence Framework requirements from the Bank of England for the financial services sector

Technology Operation and Security Review

  • Operation and security of IT Infrastructure such as networks (wireless, LAN, WAN), data centres, operating systems, virtual system environment, databases and telephone systems
  • Operation and security of IT applications
  • Data loss prevention and security incident response procedures
  • Data privacy management processes
  • Information security management processes
  • Identity and access management process
  • Business continuity and operational resilience processes
  • IT backup and recovery processes
  • IT service availability, performance and capacity management
  • IT change management and deployment processes
  • IT problem and incident management
  • IT asset management
  • General IT controls

Advanced Technology Reviews

  • Robotics and artificial intelligence/machine learning applications, including RPA and chatbots
  • Cloud services
  • Blockchain usage in business
  • Advanced analytics and predictive models

Technology Supplier and Cost Reviews

  • IT supplier management – ISAE 3402 and SSAE 16 (formerly SAS 70) based reviews
  • IT cost management
  • IT outsourcing and procurement processes

IT Programmes and Project Assurance

IT projects are a major source of innovation and change for many organisations. As such, the risks to the success of those projects usually deserve special attention. We can perform assurance assignments at each stage of the programme, including:

  • Business case review
  • Evaluation of programme governance and project management structures and compliance with defined standards and procedures
  • Targeted reviews to deep dive into specific areas such as adherence to system technical requirements, assessment of the design of application and security controls, system testing and data validation mechanisms.
  • Stage gate or post implementation review to confirm achievement of key deliverables
  • Benefit realisation review
  • Programme and portfolio management reviews

Our professional IT internal and external audit services are designed to provide high levels of assurance and risk management across the technology environment. Our work output helps to identify risks and the appropriate controls to mitigate those risks to an acceptable level.

We can perform onsite audits, as well as work in a remote/virtual environment. The audit timeframe typically depends on the objective and scope of the audit engagement, and our services can be easily customised to meet your specific business needs. Please contact us for a free consultation to discuss how we can help.
