IT audit

The service

In IT audit assignment we review our client’s complex IT operation and compare it to the relevant IT and information security standards (pl. CobiT1, ISO/IEC 270002, COSO3 , ITIL4) and to the domestic and international industry practices.

We assign business risks to the identified deficiencies, which are evaluated based on the understanding of the client’s business activities and business processes.

We formulate the IT audit recommendations so that their implementation can be performed on the maturity level of the organization’s IT and information security architecture.

We lay special emphasis on documenting the deficiencies found in a form, which can be easily interpreted by the organization’s business management with no detailed IT knowledge, thus our audit reports can be used as decision preparation material as well.

IT audit is one of the most standard services of the information security consulting companies. Many parties provide it as a service, however only a few one do it well.

Based on our client-side experiences we collected the most common mistakes made in the course of IT audits

  • the deficiencies found in the audit include technical mistakes and the correction requires significant client-side resources
  • the identified IT deficiencies haven’t been assessed in the framework of the client’s business environment, therefore they could be interpreted solely on technical level and could not be associated with any business risks
  • the auditors are not able to interpret the deficiencies found and the risks associated on the management level, therefore the management of the organization does not consider the results of the audit as relevant and does not provide resources for resolving the deficiencies
  • the recommendations formulated in the audit are not aligned with the domestic and international IT trends or with the actual maturity level of the organization’s IT architecture, therefore the recommendations impact the organization’s IT strategy and schedule negatively

We have tried to avoid these mistakes when developing our service.

We recommend it for organizations

  • with complex IT operation
  • where the continuous and risk free IT operation is very important for its business operation
  • where compliance with IT and information security standards and with domestic or international industry practices are important points in the IT strategy
  • where regular external audits (e.g., authorities, or corporate internal audit) are performed, and the management wants to decrease the number and the weight of deficiencies found in the external audits by performing an in-house audit

Why choose us?

  • since our certified audit experts have considerable experience
  • since we assess not only the IT operation, but the business environment as well
  • since we have not only audit, but client-side experiences as well
  • since we have relevant experiences in the implementation of IT architectures defined in the audit recommendations
  • since we have client-side management experiences