An information systems audit is a comprehensive examination of a given targeted system. The audit consists of evaluation of the components which comprise that system, with examination and testing in the following areas:
- High-level systems architecture review
- Compliance Audits
- Business process mapping (e.g. determining information systems dependency with respect to user business processes)
- End user identity management (e.g. authentication mechanisms, password standards, roles limiting or granting systems functionality)
- Operating systems configurations (e.g. services hardening)
- Application security controls
- Database access controls (e.g. database configuration, account access to the database, roles defined in the database)
- Anti-virus/Anti-malware controls
- Network controls (e.g. running configurations on switches and routers, use of Access control lists, and firewall rules)
- Logging and auditing systems and processes
- IT privileged access control (e.g. System Administrator or root access)
- IT processes in support of the system (e.g. user account reviews, change management)
- Backup/Restore procedures
These tasks can be performed only by specialized people experienced in above areas.
Why do you need an Audit? Audit will give assurance to all stakeholders that the you ERP System is performing the way it is expected to perform, meeting business objectives, secure from cyber attacks and gives recommendations on improving overall security controls, processes and technologies.
Our Certified Systems Auditors provides a wide range of choices to audits, meeting your budgets and expectations.