IT AUDIT: INDEPENDENT REVIEW OF IT SYSTEMS AND IT PROCESSES

IT is now indispensable to any business process and has thus become the lifeline of most companies. It is therefore all the more important that the IT systems and applications used function as intended and offer sufficient availability. Because it underpins finance and accounting, IT is also subject to numerous legal requirements. One of the challenges is to record these legal framework conditions as part of an IT audit, interpret them correctly and derive the necessary measures from them.

IT audit as a classic target/actual comparison

In general, IT audits are checks, similar to the inspection of a passenger elevator, which is regularly checked to ensure safety and functionality. Here, there are clear technical specifications that must be met and are checked step by step by the installer.

In the area of IT, this is somewhat more complex, but the audit procedure corresponds to the classic target/actual comparison. Both internal specifications and external standards are used, which represent the “state of the art” in the respective test area. An audit typically takes place in two steps. In the first step, it is checked whether the planned measures (specifications) are suitable for controlling the respective risk. This is called “design effectiveness”. In the second step, the “operational effectiveness”, i.e. the actual implementation, is checked to ensure that the intended measures are actually applied or implemented in practice.

Preferably, we audit against national and international standards such as:

  • ISO/IEC 27001
  • COBIT
  • BSI basic protection catalogs
  • EN 62443

SEC4YOU supports companies, auditors and internal audit functions with IT audits that check the measures implemented in IT. In the process, the organizational and technical measures taken are analyzed with regard to risks and compliance with legal requirements, and a TARGET/ACTUAL comparison is performed. In the event of deviations, appropriate measures are drawn up in consultation with those responsible.

YOUR ADVANTAGES

  • Through an IT audit, you identify the weak points in your IT before problems arise.
  • As documentation, you receive a comprehensive report with a TARGET/ACTUAL comparison as well as concrete recommendations for reducing the identified risks.
  • By using internationally recognized audit standards (e.g. ISO/IEC 27001, COBIT, BSI-Grundschutz), you receive comparable and reliable results.
  • Your employees can accompany the IT audit activities and thus receive additional training.
