Information System Audit Services (ISAs)

An Information Technology (IT) Audit is review of Organization’s Management, Operational and Technical Controls.

The prime objective of IT Audits includes:

 

  • Evaluating the reliability of Data from IT Systems which have an impact on the Financial Statements.

  • Ascertaining the Level of Compliance with the applicable Laws, Policies and Standards in relation to IT.

  • Ensuring if there are instances of excess, extravagances, inefficiency and wastage in the use and management of IT Systems.

  • Ensures asset safeguarding – assets includes: Data, Application Systems, Technologies, Facilities, People, etc.

  • Ensures that Effectiveness (EF), Efficiency (EC), Confidentiality (C), Integrity (I), Availability (A), Compliance (CO), and Reliability of Information (RI), all these seven (7) attributes of data or information are maintained.

 

IT Audits are important because it gives assurance that the IT Systems are adequately protected, provide reliable information to users and properly managed to achieve their intended benefits.

 

IT Audit may also help to reduce risks of data tampering, data loss or leakage, service disruption, and poor management of IT Systems.

With the increase in the investment and dependence on computerized systems by the organizations, it has become imperative for audit to change the methodology and approach to audit because of the risks to data integrity, abuse, privacy, etc.

Our Approach & Methodology

 

  • Establishing the IT Audit Objectives and Scope

  • Developing Audit Plans to achieve the IT Audit Objectives

  • Information Gathering on relevant IT Controls and Evaluating them

  • Use of Audit Techniques using CAATs and/or Manual review to obtain sufficient and appropriate Audit Evidence through the use of any one and/or all of audit assertions:

    • Inquiry

    • Observation

    • Confirmation

    • Testing

 

 

Our Information System Audit Practices arena includes:

 

  • ITGC Controls Testing

  • Regulatory Annual System Audits e.g., RBI, Stock Exchanges, CCA, IRDA, CERT-In, IT Act, SEBI, FMC, CVC,  Payment & Settlement Act and many more

  • Information Technology GAP Analysis Audits

  • Payment Gateway Security Audits

  • Data Privacy Audits

  • Business Continuity Resilience Audits

  • Disaster Recovery Drill Audits

  • Business Application Functionality, Process and Security Audit

You Name it... We Delivered...

TM

(C) NUK 9 Information Security Auditors LLP

TM