Information System Audit

In today’s business environment, technology and business coexist, therefore it is important to be updated with new technologies in business. All these circumstances make information technology an inseparable part of the business. Technology evolves regularly and so are the threats to technology. Hence, periodic Information system audits for business is extremely important.

 

At VJM associates LLP we understand how important data is and how information security needs to be the top priority of any company, we also know how new technology is introduced in the market every other day. Therefore, we help the clients by providing every possible service there is in the Information System audit, so that they can focus on their business process.

Know More about Information System Audit

Information System Audit is the evaluation, verification and rectification of the information system or mechanism, operations and practices of the business entity to ascertain and amend any mistake, information leak, duplication and blockages. Information system audit can be manual or computerized depending upon the need and requirement of the business entity.

 

In order to switch from manual to automated information processes it is mandatory for the firm to have a Post Migration Audit Certificate.

 

Information system audit was earlier known as Electronic Data Processing (EDP)  audit. It is also called Automated Data Processing (ADP) audit and Information Technology (IT) audit. The main objective of IS Audit is to improve the accuracy, security and relevance of the data.

An information technology (IT) audit or information systems (IS) audit is an examination of the controls within an entity’s Information technology infrastructure.

We offer a range of Information system audit services, to ensure that the relevance and security of information is maintained.

Information System (IS) Governance:-

Information Systems Governance (ISG) is a set of rules that allows the executives and stakeholders to determine how they want to decide on the Information System management, as per the Telecom business school, France. IS governance structure should meet the regulatory requirements of the Sarbanes-Oxley, International Financial Reporting Standards (IFRS), Basel II and should be within the set corporate guidelines of the government.

Effective ISG helps in delivering value to the business and in managing and compromising the risk of the business. Effective and efficient ISG is considered important by the management and stakeholders, we offer the following services-

  • Alignment of Strategies

It is important to align IT strategies with the business strategies to achieve the organisational objectives. Improper alignment can lead to faulty investment decisions and substandard policy implementation.Therefore, we critically align the IT Strategy with the business strategy.

  • Quantifying the value of Information system

With the invention and innovation of new technologies and new threats, it is important to quantify the value generation and value derived of IS. We help in the valuation of Information systems to help in acquisition and disposal of new technological advancement.

E.g., A company is planning to switch its existing system from Tally ERP to SAP. Audit helps in identification of whether the proposed system gives the required results to the entity or not and also value derived from a cost benefit analysis is carried out of cost involved and benefits derived.

  • Regular review of security system

The security system should be regularly reviewed and compared with that of the competitors. We assist in gap analysis performed keeping the set standards ISO27001, SANS, NIST etc / other industry benchmarks like CIS, CERT in mind. Failure to do so can lead to data mining and extraction.

  • System Application

We perform regular audits to make sure that the system applications are up to the mark with the requirements of the business organisation. It should be able to perform input output processes and generate results efficiently.

Auditor makes sures that any new changes prescribed under any law has been duly incorporated into the system or not. Output provided by the system is correct or not based on inputs given.

  • Business Application

To ascertain the advantages and limitations of any application, it is must to test the business application. We assist in periodic testings to determine the capabilities and features of the business application.

E.g., various accounting softwares are available in the market as per requirement of different industries. Auditor assess the requirement of the business and then check that whether the proposed business application provides requisite features or not.

  • System Development

We ensure that the systems under development meet the organisational objectives of the business and the set guidelines of the regulating body and government.

E.g. With implementation of Goods and Service Tax, new applications were developed in accordance with revised tax structure. 

  • Management of IT and enterprise infrastructure

It is important to audit the managerial process and verify the organisational structure to ensure that the IT environment is controlled and efficient.

  • Regulation and Compliance 

The framing and implementation of the regulation and compliance guidelines can be brainstorming and tricky, but is equally important. We help the organisation in setting up the framework to decrease the risk of fines and poor management of Information System resources.

 

Value and Performance of IT:-

It is always important to determine the valuation of IT and its performance. These will help in accessing the return on investment in information technology assets and are of great help in taking investment decisions and control decisions.

These days the entire business is based on IT and all management decisions are based on MIS reports generated through the system, all transactions of business are recorded into the system, all statutory compliance is carried out through the system etc. Therefore, any false performance by the system may lead to wrong decision making and multiple non-compliances. Therefore, it is necessary to determine performance of IT.

Proper investing decisions and control policies in IT helps, in ascertaining the benefits the organisation can derive from IT. We help in formulating investment appraisals and control policies through our auditing techniques.

 

Risk Issues

The technology is ever evolving and so are the risks involving new technologies. Data mining, cyber attacks,and malwares can corrupt any operating system and softwares.Our global risk research into the views of key stakeholders; the unrivalled sector insights that our industry teams offer, and risk case studies help our clients in getting solutions for their problems.

 

Technology Risk

While dealing with technology, there are various risks and issues an organisation can face. We assist our clients in the following-

 

  • Security,Privacy and Continuity

When a business entity uses any technology, it is important to ascertain the security of the data, privacy it provides to the stakeholders and continuity and sustenance of the technology. Our extensive research and experienced team helps in ascertaining these three points.

 

  • IT internal audit services

We help in strategic sourcing and planning of IT internal audit that enables an organization to assemble value-added internal audit teams that know the organization, industry, and technology, and bring the skills and tools to execute efficiently and effectively.

 

  • IT Attestation Services

The stakeholders need periodic assurance related to the safety and security of the IT department of the business. Therefore we help in reviewing the cybersecurity plans, checking if the IT standards are as per the set standards or not.

 

  • IRM (Information Risk Management) External Audits

IRM external audit is executed by external auditors, our team of external auditors help in assuring if the internal audit performed is upto the mark or not. Thereby ensuring that the utmost security is maintained.

 

  • Migration Audit

IT Migration can be defined as a “process of movement of any one or a group of IT Assets from one state of existence to another”. Migration event happens in every touch point in an IS environment such as Application Migration (From ERP, Email etc)., Operating system migration, Database migration, Hardware migration etc.  We ensure that the migration process followed is as per the financial standards and government guidelines.

 

Recommend opportunities for improvement

We recommend and give advice as a consultant to our clientele on various areas in which they can improve with audits and testing.                                                            

Data Centre Audits : Data Center Operations Review, General Computer Controls Review covering- IT Assets and resources- Personnel Security- Physical and Environmental Security- Access Controls; Operating System Review; Database Controls Review; Network Controls Reviews.        

At VJM associates LLP, we offer the following services to our clientele-

 

  1. We issue Post Audit Migration Certificates to the business entities switching from manual process to automated process.
  2. We handle the Information System Governance and make sure that it meets the stakeholders requirements.
  3. We perform IS internal audits using the tools and techniques to ensure that there is technological risk.
  4. We help in valuation of IT and then assist in making investment plans for the IT assets.
  5. We perform IRM external audits  and issue auditor’s acknowledgement.
  6. We perform regular network audits,including vulnerability and penetration testing.
  7. We perform periodic information system audits covering all the facets of the audit.
  8. We offer consultancy services for data centre audits and web application security testing.
What people say about us

FAQs on Information System Audit

Information system is the backbone of the entire business and any issue with the same may lead to huge losses to the entity and sometime can ruin the entire business. Information system audit are important because it ensures that-

  •  IT is secured and protected
  • The softwares and hardwares along with the other devices are up to date and working properly.
  • It provides correct and reliable information to its users.
  • It is able to achieve the set goals of the company.



The information system audit is conducted by performing a few tests like compliance test, web application security test and by collecting background data, control policies and by analytical review procedure. It is done by evaluating, verifying and rectifying the Information system of the IT tools.

Audit control is a control framework and guidelines set for the IT department and IT systems to ensure the security and integrity of data and smooth functioning of the IT processes.

 The main objective of IS Audit is to improve the accuracy, security and relevance of the data. The other objectives include that the information system audit is effective and efficient.

Information System Audit is the evaluation,verification and rectification of the information system or mechanism,operations and practices of the business entity to ascertain and amend any mistake, information leak, duplication and blockages.

For instance we do enter the same entry twice on the IT software assigned to us thereby leading to the duplication of entries, while information system audit we can rectify this mistake.

The two main categories of audits are internal audit which is done with the company by the employees and external audit which is done by the auditors from outside the company with no relation to company.

Audit process is the pathway followed to complete the audit, it is important to involve clients in all the steps. It has the following steps in the chronological order-

  • Planning
  • Executing of plan
  • Fieldwork and company visit
  • Generation of audit reports
  • Follow-up review

Audit checklist is a tool for internal audit to check if the auditing is up to the set ISO standards or not. It is also used to check if the auditing is done as per the government guidelines or not.

Why Choose Us

Client Centric Approach

Client is the key driver of our service offerings. Our approach to service offerings is based on a client centric and customized approach. Our specialized teams are a mix of technical and industry experience in order to serve clientele for their specific needs.

Quick Turnaround

We always endeavour for a quick turnaround time to serve our clientele. We are supported by an experienced and client focussed support teams to offer timely services to our clientele. In case of any business exigencies and time sensitive service requirements, you can always count on us.

Team Work

We have built high performing teams supported by strong work ethic. Our team is a mix of experts, professionals and support staff from technical and varied academic, cultural, social and ethnic backgrounds. We believe that this diversification plays a vital role in motivating the team into High Performing Teams.

Open Communications

We believe that open communication is the core principle in order to demonstrate trust, build long lasting and valuable relationships with clientele. We are committed to ensuring transparency in communication, service offerings and delivery.

Driving quality in delivery

Our service offerings are driven by quality and reviews at every level. We strive to provide a qualitative and value-added delivery to our clientele. At all times, we endeavour to provide exceptional client service by meeting client expectations and driving client satisfaction.

Blogs on Information System Audit

ITC is not eligible on expense incurred on CSR Activities

ITC is not eligible on expense incurred on CSR Activities

The power conferred under Rule 86A is very drastic. Power under Rule 86A should be invoked only if fraudulent ITC or ineligible ITC has been claimed by the assessee and the authority has recorded the reasons for the same in writing.

The authority is bound to record the reasons of invoking Rule 86A in writing and communicate such reasons to the assessee. On receipt of such reasons, the assessee is entitled to make his submission/objection requesting for lifting.

Read More »
Rule 86A can’t be invoked without communicating reasons of invoking rule 86A to the assessee

Rule 86A can’t be invoked without communicating reasons of invoking rule 86A to the assessee

Hon’ble High Court held that power conferred under Rule 86A is very drastic. Power under Rule 86A should be invoked only if fraudulent ITC or ineligible ITC has been claimed by the assessee and the authority has recorded the reasons for the same in writing. In this matter, Hon’ble High Court relied on precedence of apex court in the matter of GKN Driveshafts (India) Limited Vs. ITO reported in (2003) 259 ITR 19 (SC) wherein it was held that in case of reopening of assessment under Section 143(3) of Income Tax Act,  the assessee should be afforded an opportunity of hearing and he is entitled to know the reasons for reopening and is also entitled to object to such reopening done by the Assessing Officer. Same analogy is applicable in the given case also, the authority is bound to record the reasons of invoking Rule 86A in writing and communicate such reasons to the assessee. On receipt of such reasons, the assessee is entitled to make his submission/objection requesting for lifting.

Read More »
Terms of Issuance of Duty Credit under RoDTEP

Terms of Issuance of Duty Credit under RoDTEP

Now, vide Notification No. 76/2021-Customs (N.T.) dated 23rd September 2021, the Central Government has provide the manner to issue duty credit for goods exported under the Remission of Duties and Taxes on Exported Products (RoDTEP) Scheme in accordance with Foreign Trade Policy. Benefit under the scheme shall be granted subject to such restrictions and conditions as specified in this notification.

Read More »
GST is not applicable on consideration collection from employee for canteen services

GST is not applicable on consideration collection from employee for canteen services

The Amneal Pharmaceuticals Private Limited (The Appellant), is providing food facilities to its 500 employees. Canteen is run by a third party, i.e., Canteen Service Provider, to provide food to the employees. The Appellant collects a portion of the price of the canteen service provider from the employees by way of deduction from their salaries. To determine whether GST is payable on the amount collected from the employee, the appellant filed an appeal before GAAR wherein Hon’ble GAAR held affirmative and decided that appellant is liable to pay GST on such amount.

Read More »

V J M & Associates LLP

Contact Us

X