Information Systems Audit
What is it?
An Information Systems (IS) Audit is a detailed examination of an IS Department's operations. Broadly speaking, this service has two primary objectives:
- Examine IT Governance to determine how well the Information Systems align with business goals and objectives; and
- Review all or most of the major IS processes, including security management, incident/problem management, change/configuration management, service delivery, and the systems development life-cycle, to ensure proper controls are in place.
An IS Audit might be performed for:
- IT departments requiring independent verification that their security controls meet an established security baseline.
- A Readiness Assessment of disaster recovery / business continuity plans and/or planning process.
- Specific departments (most often Finance) need internal audit of their information systems prior to anticipated external audits.
- The SIL Board, an audit committee, or other internal governing body has requested assurance of internal controls for information systems in a specific domain or specific area/entity.
Who is it for?
SIL and Alliance organizations, for large or small IS departments, for both US-based and overseas contexts.
Who do I contact?
Rod Davis, Business Continuity Consultant for SIL International, Rod _Davis@sil.org, +1(704) 843-6178
What GTIS does...
The IS Audit delivers benefit to the risk management process through risk identification and risk assessment. The byproduct is an improved security posture when the appropriate internal controls are in place. Audits, always performed to the highest possible standard, will serve to accomplish the following:
Provide assurance to an audit committee or directly to the SIL board that appropriate and adequate internal controls are in place for corporate information systems.
Improve the state of internal controls for corporate information systems, by promoting internal controls, identifying control weaknesses, and recommending cost-effective solutions.
Provide recommendations for appropriate controls, remediation, and process improvements.
Assurance of legal and regulatory compliance.
What You Will Do
You will provide the necessary staff to provide auditors access to information systems, standards and procedures, plans and assessments, and other documentation as required.