As a company specialized in performing several types of audit, in this scope, our specialists are also charged of performing Information Technology Audit – an examination of the computer system, with the goal of its evaluation in all its complexity, which includes (1) knowing the environment and its involvement, (2) knowing the type of operations and the forms of processing them (as well as its back up and control) and, finally, (3) forming an opinion.
(1)All of our audit procedures are accompanied by a risk analysis and evolution scenario of the entity’s information systems.
In this scope, we will identify:
- - The communication infrastructures (Lan, WAN, etc.);
- - The existing hardware to a central system or area level;
- - The specific and central applications;
- - The structure of the information technology human resources department.
Complementarily we will interview elements of the entity, at the several levels:
- - The IT director (to get to know the strategical orientations for the information systems, the existing projects, standards, resources and the covering level);
- - The users (to reasonably perceive the applications, the means of communication and necessities felt);
We will elaborate a mold of abilities in the systems.
(2)After the knowledge of the systems, we will pass to the phase of operations and way of processing. Thus, we will understand the operations and will investigate, by testing, both the application systems (to the level of potential error of exhaustion, existence, valuation and accounting, via import or centralization), and level of Integrated control (in the existing phases/means, such as organization, development of applications, maintenance, exploitation, operative systems and security), that the operations and its processing are inclusive and safe.
Regarding security, we will carefully verify both physical and logistics securities.
In this direction, physically, we will analyze the safeguard politics, back up and replacement procedures, server access and physical control politics and basic applications and information integrity measures.
Regarding logistics, we will test the integrity of the processed information, the access to the system, the level of outputs, as well as the import/export of files and will analyze the possibility of "stealing" information.
We will test the documents sequence and the accuracy of its calculations, as well as evaluate the quality of error reports, existing level of supervision by both the organization and its resources, when facing the complexity and needs of its business.
(3)Giving an opinion will be easier using our approach, which takes in consideration the internationally accepted methods of auditing for technological environments.
In case it is necessary to implement applications or to redesign circuits and networks, we also count on the participation of our partners Tecnologiasimaginadas, Lda (www.tecnologiasimaginadas.com), who will intervene in this area.
This type of work is always is supervised by the partners or firm supervisors have continuous formation in audit planning to big companies, organizations strategical risk and systems of internal control.