IT auditing, also known as IT, computer, network or systems auditing, is a professional discipline involving several different techniques for independently reviewing computer and network systems, IT departments, IT-related security controls and an organization’s use of information. Here are some examples of IT audit reviews typically performed by SNT consultants:
Governance & Compliance Controls
IT and Network System Security Controls
Post-Incident Reviews
Contingency Planning & Disaster Recovery
Within IT departments and development projects e.g. management structures, financial planning, management information and reporting, post-implementation reviews, IT strategy reviews including the relationship to other business strategies and corporate functions
e.g. reviewing information security controls during the testing phase of systems development, or on operational systems and networks (technical, physical and/or procedural controls; preventive, detective and/or corrective controls)
Discover and address the root causes of information security incidents (the auditors’ independence and objectivity is a crucial factor here)
Including the IT elements of contingency planning and management, focusing on business continuity planning and disaster avoidance through resilience and other controls, using on physical security, uninterruptible power supplies, air conditioning, fire/flood protection etc. for the computer suite