Comprehensive IT Auditing Services
The explosion of Information Technology (IT) computing has changed the world as we know it. Over ninety percent of organizations now utilize computer automation for the delivery of their mission statement. In any period of great technological advance, the controls on such changes exercised by society have lagged behind the changes themselves.
In the case of information technology, the situation has been exacerbated by a mixture of not completely understanding the technology and of being unaware of the greater risks to the security, integrity and availability of information and information systems that computerization brings. Information technology is the basis behind everything, especially in the future.
Auditing key IT components to help ensure the integrity and accuracy of information contained therein is of paramount importance to all areas of business and industry.
Information Technology (IT) auditing, also known as Information Systems (IS) Auditing, is the discipline that provides the management of organizations that wish to rely on a particular information system or a given technology with an authoritative and objective opinion on the extent to which they can safely rely on that system.
An IT auditor therefore needs to be knowledgeable both about information systems and about audit practices. Our staff are the best in the business. They have IT audit experience and are certified and trained to meet the challenges of the ever-changing computing world.
At General Masters, Inc. we specialize in effective and technical IT audits of your computing platform to ensure the existence of effective controls. Our projects are defined within small manageable engagements with short timelines designed for high impact and value-add. We can supplement your internal audit plan with IT audit projects that bring added value and positive exposure to your department. We begin with a master services agreement that doesn’t obligate you to purchase any services but establishes us as your IT audit provider. We prepare individual project statements of work or provide specific skills and resources for periods of time.
We provide innovative and affordable risk-based technical auditing services.
We provide five types of IT Auditing Services:
Professional IT Auditing Services:
Under this relationship, we provide a comprehensive technical review of your computing environment including the operating systems, network, internet, connectivity, business continuity planning, vulnerability review, business applications, change management, IT strategic planning, and ANY computing issues that we may deem appropriate. A formal management report, with our expressed opinion, will be issued to management at the conclusion of the engagement.
Outsourced Auditing Services:
Under this relationship, we will perform all your IT audits for you as part of your Internal Audit department.
The number of IT audits to be performed is at the discretion of Internal Audit management based on the approved Audit universe.
General Masters, Inc. will provide Internal Audit management with risk-based software for audit planning. This would help ensure that an appropriate audit cycle is established for all critical IT audits.
Audit programs and scopes are developed in consultation with Internal Audit department management.
Audit Workpapers are prepared in compliance with Internal Audit department guidelines. If none exists, General Masters, Inc., with the approval of Internal Audit, will follow its own guidelines.
Audit Workpapers and final reports are the confidential documents of the Internal Auditing department.
Co-sourcing Auditing Services:
Under this relationship, General Masters, Inc. works with the staff of the Internal Auditing department to perform some of the IT audits in a given universe.
Also, the Internal Audit department may elect to work jointly with the staff of General Masters, Inc. on each contracted audit. This process would help ensure that some of the technical knowledge and methodology utilized during the audit would be imparted to the staff of the Internal Audit department. It is a hands-on approach to learning how to perform critical and more technical IT audits. Audit programs and scopes are developed in consultation with Internal Audit department management.
Also under this relationship, our staff may be contracted, as subject matter experts, to create the Risk Control Matrix (RCM) that the staff of Audit department management will use to perform a given audit's fieldwork.
Audit Workpapers are prepared in compliance with Internal Audit department guidelines. If none exists, General Masters, Inc., with the approval of Internal Audit, will follow its own guidelines.
Audit Workpapers and final reports are the confidential documents and property of the Internal Auditing department.
Vulnerability Review:
Under this relationship, General Masters, Inc. will perform a comprehensive risk assessment of your entire computing platform, or an isolated area of management’s choosing. This may include such issues as Internal or External penetration testing, or both.
The main deliverable of this engagement would be a detailed report which the IT management would use to address key noted weaknesses of the IT operations.
Internal Audit departments may seek this type of service from General Masters, Inc.
The weaknesses noted, if any, may become an audit issue with the appropriate follow-up deemed necessary.
Penetration Testing Services:
The internal computing network of most businesses is compromised sooner or later, either by individuals within the organization or by external hackers. This weakness is magnified by the number of entry points into corporate networks via online internet connectivity to enable the use of e-commerce technologies, online applications and technologies such as Wireless and Bluetooth, or to simply surf the web.
Using reliable and sophisticated software tools as part of our automated penetration testing services, we identify all the ports and various methods by which access can be gained into your network and your perimeter defenses bypassed. Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The process involves an active analysis of the internal network for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. We perform this analysis from the position of a potential attacker, and it can involve active exploitation of security vulnerabilities. The deliverables are presented to our client together with an assessment of their impact and a proposal for mitigation or a technical solution for managing the risks. We accomplish our services by performing these penetration tests:
· Internal Network Penetration tests
· External Network Penetration tests
The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful exploit, if discovered at any given point in time. It is a snapshot of your internal network at a given point. We provide the two types of penetration testing services on the following bases:
· Ongoing continuous monitoring basis
· Quarterly basis
· Six-month basis
· Annual basis
Established Governance
Adopted IT Auditing Framework:
We utilize the Control Objectives for Information and related Technology (COBIT). It is a framework established by Information Systems Audit and Control Association (ISACA) for its members. Additionally, we follow a series of Audit Control Evaluation System (ACES) guidelines as needed.
Adopted Operational Auditing Framework:
We utilize the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework for all operational audits.
Adopted IT Auditing Standards:
As a reputable professional organization, General Masters, Inc. follows, with passion, the Standards issued by the Standards Board of ISACA.
Areas of IT Auditing Services (Audit Universe)
We offer IT auditing services in the following areas:
Application Review
Application Service Providers/Portal Review
Bank Internet Environment Review
Business Process Outsourcing Review
Business Resumption Planning
Change Management and Change Control Reviews
Contract Administration Review
COSO Implementation Review
Credit Union IT audit services
Data Center Review
Data Base Management System Review
Disaster Recovery Planning Review
Data Processing Acquisition Review
Data Network Security Review
Electronic Fund Transfer Review
E-commerce Review
FASB 133 Implementation Review
HIPAA Compliance Review
Identity Management Review
Infrastructure (Firewall and Router) Reviews
Internet/Extranet/Intranet Review
Internet Implementation Review
IT Governance Review
Mainframe Operating Systems Review
NERC CIP Compliance Reviews
Network Operating Systems Review
Operating Systems Review
Outsourced Security Review
Outsourced Strategic Review
Telecommunications, Voice, e-Mail Reviews
Third Party Reviews
Penetration Testing Services
Personal Computer Security Review
Regulatory Compliance (HIPAA, GLBA, PCI, DEA, NERC CIP, ISO, QA, SOX, etc.) Reviews
Risk Management Review
SAS 70 Testing and Reviews
Security and Access Management Review
Security Software Package Review
Service Bureau Data Integrity Review
System Development Life Cycle Review
Third Party, ISO 9001, 2001 Reviews
Virtual Private Network Review
Web-enabled Application Review
Wide Area Network Review
Wireless Security Review
Other IT audit-related services:
Workpaper Automation:
In addition to providing the above four types of audit services, we are providers of third-party and proprietary auditing software for the management of the entire Internal Audit department ranging from time management, audit planning, fieldwork and Issue management.
IT Audit function start-up services:
We also provide IT audit start-ups and ongoing internal audit training to desired organizations.
To obtain more information about our IT audit services, please complete the following form and select areas of interest. Our staff will contact you shortly with a response.