IS (IT) Audit – audisys

Audit at Audisys

Until recently, IT Audit was perceived to be most importantly a complimentary part of financial audit in line with specified regulations. At audisys, IS audit means far more than is traditionally known. While IS audits were conducted hitherto to fulfil certain obligations to regulatory authorities and stakeholders, we take it further.

We undertake IS audits looking for opportunities to use the latest technologies to radically transform the way organisations do business. Audisys is primarily about Information Systems auditing, as you may quickly note that the word “audisys” was coined from the two words “audit” and “systems”.

By examining the management controls which comprise security protocols, development processes, and IT governance or oversight within an Information technology (IT) infrastructure, and evaluating the obtained evidence, we determine if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives.

Our audit report serves several purposes, including the traditional purpose of being part of a financial audit statement, identifying control gaps, hardware and software deficiencies, and redundancies; but we also take it further to unravel outsourcing and transformational potentials.

When information systems or information technology fails to deliver the services that people need, the result is often catastrophic. IS/IT has become complex, and includes email, Internet access, document storage, networks, outsourced contracts, applications and databases; many of which are complex.

Apart from engaging just in the traditional audit exercise as we know it, Audisys go steps further to conduct other value adding examinations such as;

Web Presence Audit:

We examine the impact of the extension of the corporate IT presence beyond the corporate firewall (e.g. the adoption of social media by the enterprise along with the proliferation of cloud-based tools like social media management systems). The purposes of these audits include ensuring the company is taking the necessary steps to;

prevent information leakage
mitigate third-party risk
minimize governance risk
prevent use of unauthorized tools
minimize damage to reputation
maintain regulatory compliance

Enterprise Communications Audits:

The rise of VOIP networks and issues like BYOD and the increasing capabilities of modern enterprise telephony systems causes increased risk of critical telephony infrastructure being mis-configured, leaving the enterprise open to the possibility of communications fraud or reduced system stability. Banks, Financial institutions, and contact centres typically set up policies to be enforced across their communications systems. We conduct these audits to ensure that our client’s communication systems;

adhere to stated policy
prevent or minimize toll fraud
follow policies designed to minimize the risk of hacking
minimize governance risk
maintain regulatory compliance
mitigate third-party risk

Technological position audit:

Here, we review the technologies that the business currently use and determine those it needs to add, including supporting hardware if need be.

The benefits of our IS audit report is to discover gaps and vulnerabilities, but also to unravel opportunities upon which transformational projects can be hinged.

Overall we help our clients to assess the risk to the company’s information asset, to establish methods of minimizing those risks, and to unravel potentials for a radical transformation.

If you require or are contemplating using our services; or you just need to know more, please kindly contact us.