System Audit

Proactive Information Technology Auditing

A successful system audit appropriately assesses technology risks and the control environment as they relate to critical business processes. AmericaTech’s deep expertise in IT audit can help ensure the integrity, reliability and performance of these processes. Through our methodologies, our clients realize more effective and efficient technology controls that better align the internal audit function with their business and IT strategies.

The scope of an information systems audit still does cover the entire life-cycle of the technology under scrutiny, including the correctness of computer calculations. The word “scope” is prefaced by “normal” because the scope of an audit is dependent on its objective. Audits are always a result of some concern over the management of assets. The concerned party may be a regulatory agency, an asset owner, or any stakeholder in the operation of the systems environment, including systems managers themselves. That party will have an objective in commissioning the audit. The objective may be validating the correctness of the systems calculations, confirming that systems are appropriately accounted for as assets, assessing the operational integrity of an automated process, verifying that confidential data is not exposed to unauthorized individuals, and/or multiple combinations of these and other systems-related matters of importance. The objective of an audit will determine its scope.

Enterprise Risk Management’s team of system auditing and security specialists will help you navigate a sea of ever-changing business risks. By using customized tools, expert resources, and proven methodologies, we tailor our IT audit services to your specific needs. Our experienced professionals bring a deep understanding of Internal Information System Audits, Application Control, and Security Services, as well as Pre- and Post-Implementation Reviews.

Every organization needs to balance its users’ technology needs — speed, ease of use and convenience — against the critical need to keep information safe and secure against a variety of sophisticated threats and potential liability. This is why every organization needs to perform information technology audits.

AmericaTech System Audit Services are:

  • High-level systems architecture review
  • Business process mapping (e.g. determining information systems dependency with respect to user business processes)
  • End user identity management (e.g. authentication mechanisms, password standards, roles limiting or granting systems functionality)
  • Operating systems configurations (e.g. services hardening)
  • Application security controls
  • Database access controls (e.g. database configuration, account access to the database, roles defined in the database)
  • Anti-virus/Anti-malware controls
  • Network controls (e.g. running configurations on switches and routers, use of Access control lists, and firewall rules)
  • Logging and auditing systems and processes
  • IT privileged access control (e.g. System Administrator or root access)
  • IT processes in support of the system (e.g. user account reviews, change management)
  • Backup/Restore procedures