Information Audit and Assurance Services

Factsheet Information and Network Security 19/12/2005

Your internal IT controls tested for risk, compliance and Best Practice - independently, comprehensively, cost-effectively

Experienced, qualified IT auditors are a scarce resource. Once found, those with the skills to perform complex IT audits can be prohibitively expensive. Yet IT auditing is an essential requirement for modern business, because your stakeholders need assurance that your business and technical controls are thoroughly effective and compliant with internationally recognised standards.

As one of the UK's leading IT solution providers, ISC's Certified Information Systems Auditors (CISAs) offer a wealth of practical, cost-effective IT management experience and can robustly test your internal control framework, by way of high-quality, independent, risk-based IT audits of:

  • Information Security Management Policy compliance
  • Compliance with internal and external Best Practice standards (ISO17799, ISO27001, COBIT etc)
  • Regulatory and legal compliance (Turnbull, Sarbanes-Oxley, Data Protection Act, Legal Admissibility, Software Licence Compliance, etc)
  • Compliance with your management systems' operational procedures
  • Infrastructure systems and software (OS, systems and database management, anti-virus, security appliances, hardware/software asset inventory, etc)
  • Application systems (on-line transactional, web and e-commerce, client/server, spreadsheets, etc)

In plain English, we document your audit's findings, recommending any adjustments necessary to your management and technical controls. An implementation plan is agreed, providing a route to business improvement.

Benefits of ISC's Information Audit and Assurance services:

  • Qualified, experienced auditors on demand
  • Board, senior management, customers, suppliers and other stakeholders will be assured of internal controls compliance within overall governance requirements
  • Risk-based approach saves you money - IT expenditure can be targeted only on required controls - no wasted expense on controlling no/low risks
  • External auditors can rely on internal ISC auditors' work - you have potential to negotiate reduced external audit fees
  • Board, audit committee and external auditors will be assured that your vital information assets are appropriately protected - at minimum cost
  • Peace of mind knowing you have demonstrably taken all steps to protect your information assets


ISC offers three levels of assurance:

1. Basic Audit and Assurance Service

Our basic information security service tests the efficiency of legislative and Best Practice controls - regarded as minimum requirements - in the following areas:

  • Information security policy
  • Allocation of information security responsibilities
  • Information security education and training
  • Reporting and management of security incidents
  • Business continuity management
  • Data protection and privacy of personal information
  • Safeguarding of organisational records
  • Intellectual property rights

Management controls are the foundation for implementing a robust information security management system (ISMS) and are the focus of our auditing service.


2. Risk-based Audit and Assurance Service

This service builds on the basic service by testing controls which mitigate identified key information risks. Working with key Directors and Managers we:

  • Facilitate a robust assessment of your organisation's information risks
  • Determine critical business functions and the information systems that support them
  • Categorise information assets
  • Analyse severity of business impact of loss of critical systems and information
  • Measure probability of impact by considering vulnerabilities to threats
  • Consider the top 5 high-level threats to the information assets, based on the quantified negative impact to the business
  • Rank systems and decide audit priority, resources, schedule and frequency
  • Document the Board's appetite for risk

Our Audit then reports the Findings, Recommendations and agreed Implementation Plan, as before, but this time set against the Risk Appetite of the Board. That is, we recommend cost-effective actions to reduce risks to the Board's level of acceptability.


3. Full Information Systems Auditing and Assurance Partnership

Designed for organisations needing sound information governance and compliance assurance without the expense of an in-house IS assurance function:

  • Long-term partnership provides all necessary information auditing and assurance expertise, focused on annual risk assessment
  • Planned annual and throughout-the-year technical audit reviews
  • Partnership approach supports increasing need for good business governance and independent compliance assurance
  • Demonstrates to stakeholders that their information is in safe, trustworthy hands
  • Demonstrates continual improvement