IT Auditing & Review

IT auditing, also known as ICT, computer, network or systems auditing, is a professional discipline involving several different techniques for independently reviewing computer and network systems, IT departments, IT-related security controls and an organization’s use of information.  Here are some examples of IT audit reviews typically performed by SNT consultants:

• Governance controls within IT departments and development projects e.g. management structures, financial planning, management information and reporting, post-implementation reviews, IT strategy reviews including the relationship to other business strategies and corporate functions
• IT/network system security controls e.g. reviewing information security controls during the testing phase of systems development, or on operational systems and networks (technical, physical and/or procedural controls; preventive, detective and/or corrective controls)
• Post-incident reviews to discover and address the root causes of information security incidents (the auditors’ independence and objectivity is a crucial factor here)
• Contingency planning including the IT elements of business continuity planning and disaster avoidance through resilience and other controls
• IT installation reviews, focusing on physical security, uninterruptible power supplies, air conditioning, fire/flood protection etc. for the computer suite