With the onset of information technologies such as big data, social media, technologies as a service and the cloud, it is important to take the necessary time to go back to the basics of an IT audit. When new technologies arise, we must identify the risk associated and along with the appropriate controls to mitigate that risk to an acceptable level. IT audits typically require technology skills that are outside of most organization’s scope of work. For that reason, organizations rely on RB Advisory to provide those skills and specialties:
- ERP Systems
- Database Management
- Project Management
- Application Security
- Business Continuity
It is very common for very skilled IT departments to lack the exposure to a robust security and compliance framework. We strive to educate all IT staff members on the importance of compliance frameworks to help improve the outcome of the audits and help reduce the risk by countering the threats we are exposed to every day.
APPROACH TO IT AUDIT
RB Advisory’s IT audit procedures are based on our industry experience and allow us to address IT risk exposure across various types of organizations.
- IT Controls - We evaluate and recommend controls within each IT process related to change management, security and IT operations.
- Application Controls – As technology is increasingly relied on to simplify the processing of transactions, system configurations have become an immensely important part of all audits. We assist with identifying and testing of application controls to support these business tasks.
- Focused Access and Segregation of Duties – There is an overwhelming security risk for unauthorized access to data and theft of sensitive or confidential intellectual property. We assess if roles are adequately divided and an overall security posture is sustained.
OUR IT AUDIT CERTIFICATIONS
Our IT audit team have serviced a broad range of corporate, government, and small business organizations and hold the following industry recognized certifications:
- Certified Information Systems Auditors (CISA).
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Payment Card Industry Qualified Security Assessor (PCI-QSA)
- Certified Internal Auditor (CIA)