The objective of our information systems audits is to determine whether controls effectively support the confidentiality, integrity, and availability of your systems.
ParadoxWeb identifies, develops and tests internal controls and policies. Reviews are created and implemented to address your objectives, ranging from cost recovery to application and infrastructure controls. We highlight significant exposures and recommend solutions to mitigate risk.
- Management of IT risks (System and Network Auditing)
- Information Security (Anti-Virus, Firewalls)
- Business Continuity (Backups and Disaster Recovery)
- Change Management
- Physical Security
- IT Operations
- Up to Date Documentation
- Audit of Outsourcing Providers
- Cost Recovery and Invoice Auditing
Information technology auditors gather information and do some planning to gain an understanding of the existing internal control structure.
- Knowledge of business and industry
- Recent financial information
- Regulatory statutes
- Inherent risk assessments
To gain an understanding of the existing internal control structure, information technology auditors need to identify:
- Control environment and procedures
- Detection risk assessment
- Control risk assessment
- Equate total risk
Information and Technology Audit Strategies
We gather evidence to test whether an organization is following its control procedures and to validate the integrity of its data.
- Review organizational structure
- Review policies and procedures
- Review standards
- Review documentation
- Review the organization’s business improvement area
- Interview the appropriate personnel
- Observe the processes and employee performance
- Examination and testing of controls
Observing what an individual actually does versus what they are supposed to do can provide auditors with valuable evidence about how controls are implemented and how well users understand them.
Application and General Controls
General controls apply to all areas of the organization including the information and technology infrastructure and support services.
- Internal accounting controls
- Operational controls
- Administrative controls
- Organizational security policies and procedures
- Overall policies for the design and use of adequate documents and records
- Procedures and practices to ensure adequate safeguards over access
- Physical security policies for all data centers and IT resources
- Processing accomplishes the designed and correct task
- The processing results meet expectations
- Data is maintained
Our tasks when performing an application control audit include:
- Reviewing all available documentation and interviewing the appropriate personnel
- Identifying the application control strengths and evaluating the impact of weaknesses found in the application controls
- Developing a testing strategy
- Testing the controls to ensure their functionality and effectiveness
- Evaluating test results and other audit evidence to determine if the control objectives were achieved
- Evaluating the application against management’s objectives for the system to ensure efficiency and effectiveness
Information and Technology Audit Deliverable
The IT audit documentation provided once the audit is finished includes:
- Planning and preparation of the audit scope and objectives
- Description or walkthroughs on the scoped audit area
- Audit program
- Audit steps performed and audit evidence gathered
- Audit findings, conclusions and recommendations
- Audit documentation relation with document identification and dates
- A copy of the report issued as a result of the audit work
When we communicate the audit results to your organization, it will be done at an exit interview, where we will have the opportunity to discuss any findings and recommendations.
- The facts presented in the report are correct
- The recommendations are realistic and cost-effective, or alternatives have been negotiated with your organization’s management
- The recommended implementation dates will be agreed to for the recommendations we have in our report.
The presentation will include a high-level executive summary.
Contact us to meet with an information and technology auditor.