Our IT Audit, risk assessment and management approach is built on flexible tailored proven packages. We can work with you on a specific assignment, and on-going programme of risk reduction or as a complementary specialist to your Internal Audit team.
IT Health Checks – These can be simple lite audits or deep dives ranging from a specific area of IT, a site, a project, controls or a full IT organisation. These are typically used as audit preparation, when a member of the executive team starts a new role and becomes responsible for IT, or simply the Board has asked a question. From these first level audits we can assist you with building improvement and initial risk management action plans and establishing a foundation risk framework. This can be a simple cost effective way to get the rudiments of IT risk management up and running.
IT Audit and Risk Assessment – Our approach follows industry recognised standards and best practices (e.g. ITIL, COBIT, TOGAF, Prince 2 – where appropriate) combined with the experiences of our professionals, to identify strengths and weaknesses. Typical areas that can be covered:
- IT Governance structure
- Information Security, Protection and Access Management
- IT Strategy
- IT Demand/Portfolio Management
- IT Project Management and Performance
- Architecture and Design
- System Development
- Benefits Management and Realisation
- IT Risk Management
- IT Policy and Standards
- IT Services and Operations
- Change Management
Following your tailored audit from the chosen areas above, we create a report to fit with your organisations risk structure, showing strengths areas of recommended improvement, specific IT risks to your organisations operations, strategy and performance combined with recommended controls to implement. From this we can assist you in building structured action plans and an IT risk management structure.