...

Information System Audit

In today’s business environment, technology and business coexist, therefore it is important to be updated with new technologies in business. All these circumstances make information technology an inseparable part of the business. Technology evolves regularly and so are the threats to technology. Hence, periodic Information system audits for business is extremely important.

 

At VJM associates LLP we understand how important data is and how information security needs to be the top priority of any company, we also know how new technology is introduced in the market every other day. Therefore, we help the clients by providing every possible service there is in the Information System audit, so that they can focus on their business process.

Know More about Information System Audit

Information System Audit is the evaluation, verification and rectification of the information system or mechanism, operations and practices of the business entity to ascertain and amend any mistake, information leak, duplication and blockages. Information system audit can be manual or computerized depending upon the need and requirement of the business entity.

 

In order to switch from manual to automated information processes it is mandatory for the firm to have a Post Migration Audit Certificate.

 

Information system audit was earlier known as Electronic Data Processing (EDP)  audit. It is also called Automated Data Processing (ADP) audit and Information Technology (IT) audit. The main objective of IS Audit is to improve the accuracy, security and relevance of the data.

An information technology (IT) audit or information systems (IS) audit is an examination of the controls within an entity’s Information technology infrastructure.

We offer a range of Information system audit services, to ensure that the relevance and security of information is maintained.

Information System (IS) Governance:-

Information Systems Governance (ISG) is a set of rules that allows the executives and stakeholders to determine how they want to decide on the Information System management, as per the Telecom business school, France. IS governance structure should meet the regulatory requirements of the Sarbanes-Oxley, International Financial Reporting Standards (IFRS), Basel II and should be within the set corporate guidelines of the government.

Effective ISG helps in delivering value to the business and in managing and compromising the risk of the business. Effective and efficient ISG is considered important by the management and stakeholders, we offer the following services-

  • Alignment of Strategies

It is important to align IT strategies with the business strategies to achieve the organisational objectives. Improper alignment can lead to faulty investment decisions and substandard policy implementation.Therefore, we critically align the IT Strategy with the business strategy.

  • Quantifying the value of Information system

With the invention and innovation of new technologies and new threats, it is important to quantify the value generation and value derived of IS. We help in the valuation of Information systems to help in acquisition and disposal of new technological advancement.

E.g., A company is planning to switch its existing system from Tally ERP to SAP. Audit helps in identification of whether the proposed system gives the required results to the entity or not and also value derived from a cost benefit analysis is carried out of cost involved and benefits derived.

  • Regular review of security system

The security system should be regularly reviewed and compared with that of the competitors. We assist in gap analysis performed keeping the set standards ISO27001, SANS, NIST etc / other industry benchmarks like CIS, CERT in mind. Failure to do so can lead to data mining and extraction.

  • System Application

We perform regular audits to make sure that the system applications are up to the mark with the requirements of the business organisation. It should be able to perform input output processes and generate results efficiently.

Auditor makes sures that any new changes prescribed under any law has been duly incorporated into the system or not. Output provided by the system is correct or not based on inputs given.

  • Business Application

To ascertain the advantages and limitations of any application, it is must to test the business application. We assist in periodic testings to determine the capabilities and features of the business application.

E.g., various accounting softwares are available in the market as per requirement of different industries. Auditor assess the requirement of the business and then check that whether the proposed business application provides requisite features or not.

  • System Development

We ensure that the systems under development meet the organisational objectives of the business and the set guidelines of the regulating body and government.

E.g. With implementation of Goods and Service Tax, new applications were developed in accordance with revised tax structure. 

  • Management of IT and enterprise infrastructure

It is important to audit the managerial process and verify the organisational structure to ensure that the IT environment is controlled and efficient.

  • Regulation and Compliance 

The framing and implementation of the regulation and compliance guidelines can be brainstorming and tricky, but is equally important. We help the organisation in setting up the framework to decrease the risk of fines and poor management of Information System resources.

 

Value and Performance of IT:-

It is always important to determine the valuation of IT and its performance. These will help in accessing the return on investment in information technology assets and are of great help in taking investment decisions and control decisions.

These days the entire business is based on IT and all management decisions are based on MIS reports generated through the system, all transactions of business are recorded into the system, all statutory compliance is carried out through the system etc. Therefore, any false performance by the system may lead to wrong decision making and multiple non-compliances. Therefore, it is necessary to determine performance of IT.

Proper investing decisions and control policies in IT helps, in ascertaining the benefits the organisation can derive from IT. We help in formulating investment appraisals and control policies through our auditing techniques.

 

Risk Issues

The technology is ever evolving and so are the risks involving new technologies. Data mining, cyber attacks,and malwares can corrupt any operating system and softwares.Our global risk research into the views of key stakeholders; the unrivalled sector insights that our industry teams offer, and risk case studies help our clients in getting solutions for their problems.

 

Technology Risk

While dealing with technology, there are various risks and issues an organisation can face. We assist our clients in the following-

 

  • Security,Privacy and Continuity

When a business entity uses any technology, it is important to ascertain the security of the data, privacy it provides to the stakeholders and continuity and sustenance of the technology. Our extensive research and experienced team helps in ascertaining these three points.

 

  • IT internal audit services

We help in strategic sourcing and planning of IT internal audit that enables an organization to assemble value-added internal audit teams that know the organization, industry, and technology, and bring the skills and tools to execute efficiently and effectively.

 

  • IT Attestation Services

The stakeholders need periodic assurance related to the safety and security of the IT department of the business. Therefore we help in reviewing the cybersecurity plans, checking if the IT standards are as per the set standards or not.

 

  • IRM (Information Risk Management) External Audits

IRM external audit is executed by external auditors, our team of external auditors help in assuring if the internal audit performed is upto the mark or not. Thereby ensuring that the utmost security is maintained.

 

  • Migration Audit

IT Migration can be defined as a “process of movement of any one or a group of IT Assets from one state of existence to another”. Migration event happens in every touch point in an IS environment such as Application Migration (From ERP, Email etc)., Operating system migration, Database migration, Hardware migration etc.  We ensure that the migration process followed is as per the financial standards and government guidelines.

 

Recommend opportunities for improvement

We recommend and give advice as a consultant to our clientele on various areas in which they can improve with audits and testing.                                                            

Data Centre Audits : Data Center Operations Review, General Computer Controls Review covering- IT Assets and resources- Personnel Security- Physical and Environmental Security- Access Controls; Operating System Review; Database Controls Review; Network Controls Reviews.        

At VJM associates LLP, we offer the following services to our clientele-

 

  1. We issue Post Audit Migration Certificates to the business entities switching from manual process to automated process.
  2. We handle the Information System Governance and make sure that it meets the stakeholders requirements.
  3. We perform IS internal audits using the tools and techniques to ensure that there is technological risk.
  4. We help in valuation of IT and then assist in making investment plans for the IT assets.
  5. We perform IRM external audits  and issue auditor’s acknowledgement.
  6. We perform regular network audits,including vulnerability and penetration testing.
  7. We perform periodic information system audits covering all the facets of the audit.
  8. We offer consultancy services for data centre audits and web application security testing.