Information Audit and Assurance Services

Factsheet Information and Network Security 19/12/2007

Your internal IT controls tested for risk, compliance and Best Practice - independently, comprehensively, cost-effectively

Experienced, qualified IT auditors are a scarce resource. Once found, those with the skills to perform complex IT audits can be prohibitively expensive. Yet IT auditing is an essential requirement for modern business, because your stakeholders need assurance that your business and technical controls are thoroughly effective and compliant with internationally recognised standards.

ISC is one of the UK's leading IT solution providers. Its Certified Information Systems Auditors (CISAs) offer a wealth of practical, cost-effective IT management experience and can robustly test your internal control framework, by way of high-quality, independent, risk-based IT audits of:

  • Information Security Management Policy compliance
  • Compliance with internal and external Best Practice standards (ISO17799, ISO27001, COBIT etc)
  • Regulatory and legal compliance (Turnbull, Sarbanes-Oxley, Data Protection Act, Legal Admissibility, Software Licence Compliance, etc)
  • Compliance with your management systems' operational procedures
  • Infrastructure systems and software (OS, systems and database management, anti-virus, security appliances, hardware/software asset inventory, etc)
  • Application systems (on-line transactional, web and e-commerce, client/server, spreadsheets, etc)

In plain English, we document your audit's findings, recommending any adjustments necessary to your management and technical controls. An implementation plan is agreed, providing a route to business improvement.

Benefits of ISC's Information Audit and Assurance services:

  • Qualified, experienced auditors on demand
  • Board, senior management, customers, suppliers and other stakeholders will be assured of internal controls compliance within overall governance requirements
  • Risk-based approach saves you money - IT expenditure can be targeted only on required controls - no wasted expense on controlling no/low risks
  • External auditors can rely on internal ISC auditors' work - you have potential to negotiate reduced external audit fees
  • Board, audit committee and external auditors will be assured that your vital information assets are appropriately protected - at minimum cost
  • Peace of mind knowing you have demonstrably taken all steps to protect your information assets


ISC offers three levels of assurance:

1. Basic Audit and Assurance Service

Our basic information security service tests the efficiency of legislative and Best Practice controls - regarded as minimum requirements - in the following areas:

  • Information security policy
  • Allocation of information security responsibilities
  • Information security education and training
  • Reporting and management of security incidents
  • Business continuity management
  • Data protection and privacy of personal information
  • Safeguarding of organisational records
  • Intellectual property rights

Management controls are the foundation for implementing a robust information security management system (ISMS) and are the focus of our auditing service.


2. Risk-based Audit and Assurance Service

This service builds on the basic service by testing controls which mitigate identified key information risks. Working with key Directors and Managers we:

  • Facilitate a robust assessment of your organisation's information risks
  • Determine critical business functions and the information systems that support them
  • Categorise information assets
  • Analyse severity of business impact of loss of critical systems and information
  • Measure probability of impact by considering vulnerabilities to threats
  • Consider the top 5 high-level threats to the information assets, based on the quantified negative impact to the business
  • Rank systems and decide audit priority, resources, schedule and frequency
  • Document the Board's appetite for risk

Our Audit then reports the Findings, Recommendations and agreed Implementation Plan, as before, but this time set against the Risk Appetite of the Board. That is, we recommend cost-effective actions to reduce risks to the Board's level of acceptability.


3. Full Information Systems Auditing and Assurance Partnership

Designed for organisations needing sound information governance and compliance assurance without the expense of an in-house IS assurance function:

  • Long-term partnership provides all necessary information auditing and assurance expertise, focused on annual risk assessment
  • Planned annual and throughout-the-year technical audit reviews
  • Partnership approach supports increasing need for good business governance and independent compliance assurance
  • Demonstrates to stakeholders that their information is in safe, trustworthy hands
  • Demonstrates continual improvement

The next step... Contact ISC...

T: 01480 420000
F: 01480 420080
E: info@iscnet.co.uk