IT audit and assessment

We undertake audits and assessments to confirm whether your organization is following the rules and regulations set by an external agency or authority. This is commonly referred to as a compliance test. Depending on your requirements, our auditors will ask CIOs, CTOs, IT Administrators etc. a series of questions over the course of an assessment to determine compliance.

We examine:

  • Evaluation of IT controls
  • IT policy/procedure
  • IT vendor / IT procurement selection
  • Business continuity audit

Our IT audit services provide you with assurances that your corporate governance, IT risk management and internal IT controls operate effectively. We follow a structured approach based on industry best practice frameworks to provide an independent assessment of your compliance.

IT security audit and gap analysis implementation methodology

We adopt a risk-based IT audit methodology encompassing a number of respected industry standard frameworks such as ISO/IEC 27001 and COBIT (as recommended by the Institute of Internal Auditors in the UK and Ireland). This ensures we cover a number of controls including technical, procedural and administrative.

The advantage of utilizing a structured and formalized framework is that it provides a transparent, repeatable and measurable structure for evaluating and improving internal controls.

The audit execution process has four phases:

  1. Defining the scope
  2. Planning - identify and assess adequacy of control design
  3. Control operating effectiveness tested
  4. Reporting

Examples of IT audit services we provide:

  • Onsite IT audit support and delivery
  • External IT audit support and delivery
  • Sarbanes and Oxley (SOX) audit
  • ISO/IEC 20000 IT Service Management

Data protection audit support (internal and/or external)

We help organizations to prepare for an audit by the Data Protection Commissioner. Our consultants provide workshops, questionnaire-based audits, onsite inspections, gap analysis and practical and policy-driven solutions in order to drive organizations to a positive audit outcome.

> Read more about our data protection services


Disclaimer

BSI is an accredited Certification Body for Management System Certification and Product certification. No BSI Group company may provide management system consultancy or product consultancy that could be in breach of accreditation requirements.

Clients who have received any form of management system consultancy or product consultancy from any BSI Group company are unable to have BSI certification services within a 2 year period following completion of consultancy.