IT Audit & Risk Assessment

• The purpose of an Information Technology Audit and Risk Assessment is to provide the customer with an overview of their Information Technology Asset with respect to its structure and the risks of loss or failure.

• Understand the reasons driving the need for an IT Audit and Risk Assessment - this understanding can aid at ensuring specific perceived risks can be assessed more closely.
• Confirm and agree the requirements and the expected deliveries.
• Interview IT resources and audit the physical IT infrastructure.
• Interview a representative number of "normal" systems users
• Audit a representative number of "normal" PCs or laptops
• Collate the findings and report the result with recommendations

• A high-level assessment of the physical IT infrastructure, including:
  • The network configuration
  • External access points into the network
  • Firewalls and virus protection
• Business systems used, including:
  • Where and How the data/intellectual property is stored
  • What communication methods are employed
  • Electronic Documents and Files storage
• IT policies and procedures
  • Password control
  • The use of IT infrastructure and services
  • Electronic intellectual property rights
  • IT disposal
  • Contractor handling
  • Staff employment and departure procedures
• Backup and Recovery
  • Backup mechanisms and procedures
  • Backup content and storage location
  • Backup testing and usefulness

• External Intrusion Testing during the Audit and Risk Assessment