The world of IT audit today requires technology skills that are difficult for most organizations to maintain in-house. For that reason, many organizations rely on the diversity and depth of skills that Avotis brings to the table. Our team possesses technological skills within a number of key specialties, including infrastructure and security, ERP systems, database management, UNIX, Windows, project management, application security and business continuity.
Our projects are designed to move quickly and provide high impact. In addition to supporting compliance initiatives like SOX, we can supplement your internal audit plan with IT audit projects that bring added value and positive exposure to your department.
Approach to IT Audit
The Avotis IT audit methodology is based on our vast industry experience and addresses IT risk exposures across a variety of organizations.
- IT General Controls – Since information technology permeates all aspects of an entity’s business, we can assess and recommend controls within each IT process related to change management, security and IT operations.
- Application Controls – As companies increasingly rely on technology to facilitate the processing of transactions, system configurations have become a critical part of all audits. We can assist with the identification and testing of application controls supporting these business processes.
- Focused Access and Segregation of Duties – In addition to the security risk around unauthorized access to data, theft of sensitive or confidential intellectual property may also be a risk. We can assess whether duties are adequately separated and whether an overall security posture is maintained.
We follow practices suggested by ISACA. Specifically, we utilize COBIT 5 (Control Objectives for IT), which is a risk-based, process-focused methodology that is used to establish a thorough understanding of the organization’s audit objectives and the risks that threaten those objectives.
Our IT Audit Resources
Our IT audit professionals have serviced a broad range of corporate, government and not-for-profit organizations and are led by directors and managers who are Certified Information Systems Auditors (CISA). Other related certifications held by our IT audit professionals include:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Payment Card Industry Qualified Security Assessor (PCI-QSA)
- Certified Internal Auditor (CIA)