IT Assurance / Audits
IT and cybersecurity audits / assurance
Futura International offers several kinds of IT and cybersecurity audits to clients. These audits include:
Business processes and control audits across applications
Each and every business makes use of a variety of business processes, whether automated, manual, or a combination of both. Industry jargon refers to these processes as “applications” or “systems”.
Both terms refer loosely to a very broad set of functions and/or tools. So, whether you are using a “previous generation mainframe”, a traditional server-based application, a mobile application, a cloud web application or a robot set-up, the system, given its complexity, remains susceptible to an array of threats and problems that affect functionality, compounding the risk associated with multi-purpose systems.
Most applications today are referred to as “off-the-shelf”, meaning that they have replaced in-house developed (bespoke) systems.
Furthermore, the introduction of Machine Learning (ML) and Artificial Intelligence (AI) to the system development world has increased risks associated with data processing.
Let us get back to the risk aspect in relation to applications and systems. We are all aware that “risks”, i.e. malfunctioning processes, affect business in three ways: they produce incomplete, inaccurate, and invalid data sets, which in turn impact your business negatively.
It is akin to the path a disease takes as it spreads: if left untreated, risk profoundly affects every area of a business, with malfunction seeping right down to the customer service and financial record-keeping levels.
Risks are an inherent part of maintaining data integrity, and occur through the many phases of data / system processing.
This could be at:
- The data sourcing phase – for example, the transition from hard-copy formats, or adapting data interfaces.
- Inaccuracies during the data input phase.
- Inaccuracies during the processing phase.
- Inaccuracies during the output phase.
- Inaccuracies during the storage phase.
In other words, problems might arise at any, or at many different phases within the system or application.
ML and AI bring with them a unique kind of problem, but the outcome remains the same: questions might arise over the soundness of the process as a whole. Because there is no clear logical or rational path involved in this kind of application, making intelligent decisions or drawing conclusions with clarity brings complications from an auditing perspective.
The ideal solution is to ensure the implementation of adequate and effective controls, where business processes complete task objectives accurately, completely, and with validity. This happens at management level, and is an integral part of both corporate and IT governance practices.
As mentioned, controls might be implemented by means of an automated process, or a manual process.
Ideally, manual processes complement automated systems. For example, a manual process could include the review of system outputs (e.g. reports), while automated processes aid in enforcing important control measures, like user authentication and data input and processing edit controls.
Now that we have provided an all-round picture of systems and applications, and laid bare the pros and cons of both, you are wondering what our process entails.
Futura International offers you:
- External / Internal audit: For audit firms and organisations, we audit your application controls in order to facilitate audit reliance (in respect of external audits), or to report on the adequacy and effectiveness of internal controls (in respect of internal audits).
- Advisory: We advise you on the selection and design of the appropriate application controls.
General IT control audits
IT controls are designed to protect physical assets (hardware), and logical assets (data, security settings etc.).
Regardless of where these applications are hosted, whether in an on-premises server room or in the cloud, certain measures are needed to protect the IT infrastructure and its data and application processes, to ensure integrity and security.
High-level general IT controls include:
- Policies, procedures, and maintenance of standards.
- User access rights and user authentication controls.
- User management controls.
- Security controls, security settings etc.
- Network perimeter controls (e.g. firewalls, Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS), anti-malware software). A host of bespoke preventive and detective security software is available for this purpose.
- Network security controls include hundreds, even thousands, of product-specific security settings and rules, on different kinds of network equipment – servers, routers, hubs, and any other types of function-specific hardware.
- System change control as well as System Development Life Cycle (SDLC) controls.
- Project management controls.
- Data and systems availability controls, which include data replication, data backups, disaster recovery controls, and so forth.
- Batch processing controls.
Futura International offers you:
- External / Internal audit: We assist audit firms or organisations to audit their general IT controls in order to facilitate audit reliance on automated controls (external audit) or to report on the adequacy and effectiveness of internal controls (internal audit).
- Advisory: We assist clients to select and design adequate and effective general IT controls.
- SOC 1 and SOC 2 audits. Please see more about our SOC audit services.
- Data privacy audits. Please see more about our data privacy services.
- Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) audits. Please see more about our BCP and DRP services.
- Cybersecurity audits. Please see more about our cybersecurity services.
- ISO audits.
- Data assurance analytics.
- Service Level Agreement (SLA) audits. Please see more about our SLA audit services.
- IT governance (policies and procedures) audits. Please see more about our IT governance audit services.
- Project assurance and Systems Development Life Cycle (SDLC) audits.