Our IT Auditors are experienced in offering risk assessment and detailed technical audit assurance for your organisations IT infrastructure and applications. Highly complex IT infrastructure and technologies require audit analysis from technical IT audit professionals. CMAP’s IT Audit service aims to target the more prevalent risks and compliance pressures faced by local authorise and public sector bodies. The IT Audit universe centres around technical risks to your organisation, such as confidentiality, integrity, availability and accountability, and subsequent business impact which can be classified as financial damage, reputational damage, privacy violation and non-compliance issues.
The key benefits of our IT Audit services can be described as:
Utilisation of tested tools and methodologies to allow time efficient execution of information gathering and risk identification to allow us to offer better value for money audits. This allows us to streamline the audit process to minimize administrative concerns and involvement.
Conducted by IT audit professionals who have expertise and experience in auditing complex and emerging technologies to identify the most prevalent and expanding IT risks faced by public sector authorities.
Unlike automated vulnerability scanners, IT Audit professionals can offer vital subject matter expertise under the context of the sensitivity of the information being audited, to join technical risk issues identified and align them with subsequent risks faced by the business.
The key IT Audit service offerings that can be offered by CMAP IT audit professionals can be summarised as:
Technology Auditing – Technical IT audits of applications and supporting infrastructure/metastructure to address complex technologies such as hardware virtualisation, cloud computing, Voice over IP, wireless networking, thin client infrastructure, application security, active directory, perimeter security applications such as firewall/IDS.
Process & Operations Auditing – Operations audits cover crucial IT operational processes such as change management, configuration management, asset management, patch management, network administration, business continuity, backup/restore, security logging and monitoring policies. Issues with operational processes can further extend to enhanced vulnerability exposure during technical reviews.
Digital Forensics – We also offer a digital forensics offering that is aligned with processes determined by ACPO (associated of chief police officers), subsequently our detailed digital forensics reports and evidence provided would be acceptable in a court of law. Common areas of digital forensics analysis centres around deleted data recovery, user activity, email analysis, internet analysis, policy violations, & data theft.
Data Analysis and Reporting – Our IT Audit team has experience in performing advanced data analysis to provide the foundation behind fraud detection systems and audit management processes. Data can be extracted for detailed analysis, or report driven management applications can be developed to support many audit administration and management processes. We have experience in utilising many common data analysis software and languages including Microsoft SQL, Oracle, Access, Crystal Reports, Visual Basic.