Information Technology


IT Audit Services

Our IT audit professionals are Certified Information Systems Auditors (CISAs) and have experience working as "Big Four" IT auditors, IT management and internal IT auditors for some of the nation's largest corporations.  We are experienced in providing various IT-related services, such as:


IT Audit Staff Augmentation 

We can provide IT audit resources to supplement your existing Internal Audit staff.  Internally staffing the IT audit function is difficult for companies due to the complexity of most IT environments and requires various technical skill-sets.  Our team of CISAs provide an affordable alternative to staffing these resources internally. 

IT Risk Assessments

Our IT risk assessments are based on Control Objectives for Information and related Technology (COBIT) issued by the Information Systems Audit and Control Association (ISACA).  COBIT provides leading practices for the management of IT processes in a manageable and logical structure by bridging the gaps between business risks, technical issues, and internal control needs.  We will assist you in identifying the high-risk areas within your IT universe and creating a risk-based Audit Plan based on this risk assessment.


IT Policy and Procedures

Our team can assist you with development of brand new IT Polices and Procedures from scratch, tailore to the specific needs of your company, or we can review your existing Polices and Procedures and provide feedback to strenghten them.   

    Regulatory Compliance Reviews

    We can assist you in complying with various regulatory requirements by identifying IT-related control gaps and correcting related internal control weaknesses within areas such as:

    • Sarbanes-Oxley
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Gramm-Leach-Bliley Act (GLBA)


    IT Application Reviews

    We can assist you with specialized reviews of your critical applications.  Our services include:

    • Change Control and Access Control reviews for all ERP packages (Oracle, SAP, PeopleSoft, JD Edwards, Macola, Lawson, Great Plains, MAS 90, MAS 200, etc.), Commercial Off-The-Shelf (COTS) software, web-based applications, custom-developed applications, end-user computing applications, etc.
    • Review of existing IT application controls for improvement opportunities (such as implementation of proper segregation of duties parameters)
    • Implementation of new application controls to streamline your business processes and replace costly manual controls
    • Data analysis of your critical transactions using Computer Assisted Audit Techniques (CAATs) and data mining to identify expense reduction and revenue leakage opportunities

    IT Infrastructure Reviews

    Using industry best practices, policies, procedures, and "hardening" guidelines are documented for each IT infrastructure component.  We also provide guidance on selecting and implementing software tools to monitor your IT infrastructure security.

    • Database Management System Reviews:  SQL Server, Oracle, DB2, Sybase, etc.
    • Operating System Reviews:  Windows, AS/400, OS/390, UNIX, Linux, etc.
    • Network Security Reviews:  Firewalls, routers, switches, wireless devices, intrusion detection systems, etc.
    • Computer Operations Reviews:  Backup and recovery, job scheduling, problem management, physical access, environmental controls, etc.

    Threat and Vulnerability Assessments

    We can evaluate your access security by performing the following:

    • Threat and vulnerability assessments to identify internal employees or contractors with the ability to cause damage to mission critical IT systems
    • Attack and Penetration (A&P) testing at the Internet and Intranet levels using software tools (e.g., ISS Internet Scanner, nMAP, Nessus, NetIQ)
    • Test wireless and dial-in (remote access) security testing
    • Incident response programs review

    For a Free Consultation regarding our IT Audit Services, please fill out the form below or contact us directly.

    Best Time To Call