IT Audit & Compliance
Almost every strategic business objective, from improving customer satisfaction to reducing overhead costs to increasing business productivity, depends on the efficient and effective use of information technology (IT). To succeed in business an organization must understand the role that IT plays in both supporting and enabling its business processes. In today's rapidly changing environment your organization must know how to identify and manage its IT-related business risks. IT auditors play a vital role in this process.
I can help. I work together with you to identify business and technology risks, evaluate control processes and recommend effective and practical solutions to mitigate residual risks. I can be an essential component of your internal audit team. Managing IT-related business risks is more than just problem solving. It means identifying the business risks associated with your organization's deployment and use of IT, and providing constructive methods for identifying and managing those risks. For the limited resources available to auditors in most companies, this is asking a lot and sometimes too much.
Effective internal audit departments recognize that bringing business value to IT audits requires a business focus and in-depth knowledge of the specific processes, technologies and related risks that impact the ability to achieve business objectives. It also requires knowledge of the options that exist for implementing and managing effective risk management and control processes. The ever-growing number of new technologies makes it difficult to recruit, train and retain personnel with the depth and variety of technical skills required to work with these increasing complex systems. Organisations may only need these specialists for specific projects or peak periods, which makes retaining a full-time staff inefficient and costly. Further, highly technical personnel may not understand the business issues involved. These are just a few reasons some internal audit departments rely on IT audit specialists to fill the gap. I take an integrated, business-focused approach to IT auditing. Instead of just examining the technology, I examine with you business goals and business processes first and the systems that support them second. I believe in business partnerships with you and act as consultants who help them maintain compliance with IT-related controls as well as make
recommendations for managing and mitigating the business risks associated with IT.
The competitive business environment makes many demands on a company:
- Are information technologyrelated business risks understood?
- Are information systems running smoothly?
- Is data integrity maintained?
- Are regulatory standards met?
- Are internal controls effective?
- Are internal controls continuously monitored?
- Are necessary changes in controls and risk management processes made when they are needed?
I can help you
- perform a peer review and assist in developing strategies for enhancing the effectiveness of IT audit resources
- define the business risks related to specific use and deployment of IT
- define and develop an IT audit plan that is responsive to specific risks
I can work with you
- During periods of peak demand
- With specialized technology expertise
By staying up to speed with new developments in technology and changing business risk in combination with a passion for IT in general, I continue to be an asset to you to improve and streamline business processes. Because I know how internal audit departments work, I can enhance your knowledge of your systems' risks and ensure these systems continue to meet your business goals. By identifying and managing IT-related business risks your organisation is leveraging, not just controlling, its information technology.
I use a comprehensive set of knowledge sharing tools such as ISACA Knowledge Center, an intranet-based resource and training environment to truly providing world-class audit services.