IT Audit, Compliance, & Co-Sourcing
Today’s dynamic information technology world requires that IT auditors continuously update their technology skills to understand and address your company’s technology environment. The Sarbanes Oxley Act of 2002 created a minimal baseline for information technology audit; however, was in no way meant to cover all the information technology risks of an organization in any industry. Additionally, most Internal Audit organizations either cannot afford to have a dedicated IT auditor on staff, cannot afford to send their auditors to training on the latest technologies, or have limited IT auditor resources.
As a result, the organization does not have the necessary technical skills to assess all possible existing and emerging information technology risks in their organization. Due to these limitations, Internal Audit organizations struggle to complete their yearly IT audit related projects, or their IT audits fail to adequately assess the risk to the organization.
The following is a list of example projects our IT Audit professionals have partnered with Internal Audit and Compliance groups to perform:
- Data Analytics – ACL, Idea, Microsoft Products
- Virtualization – VMWare / Hyper-V
- Windows Services/Active Directory
- Mobile Computing – Mobile Device Management, BYOD,
- Software Development / Change Management – Custom Developed Applications
- Interface Assessment – CATS
- Database – SQL Server, Oracle, many others
- Applications – SAP, Oracle, Microsoft Dynamics AX, Great Planes, Navision, NetSuite, many others
- Cloud Computing
- Networks – Firewalls
- Third Party Vendor Assessments
- Enterprise Risk Assessment – COBIT 5
- Compliance – HIPAA, Privacy Act, FISMA, PCI
- Cloud Security Alliance
- Web Security
- Social Media Audit
- Information Security Management
- ISO27000, 27001
- PCI Readiness
- NIST Cyber Security Frameworks
Our consulting team employs seasoned IT Auditors who are industry experts in IT Audit. We keep our auditors on staff and continually train them in the latest technologies and IT related risks. In many cases, our auditors have over 20 years of IT audit and risk assessment experience as a CISA (Certified Information Systems Auditor) or CISSP (Certified Information Systems Security Professional). You can be confident that our auditors not only know how to assess the older technologies, but also understand how to assess the newest technologies as well. Hein & Associates prides itself in having the right technology specific IT Audit resources on staff and available when you need them. When co-sourcing IT audit projects to Hein & Associates, we partner with your organization to make sure the project is completed right the first time, on time, and on budget.
- Change the IT audit function from one of compliance to being a strategic enabler and risk advisor to the business.
- Certified and experienced professional IT audit resources who are 100% dedicated to performing IT audits in their career.
- Supplement your existing IT audit staff’s knowledge
- Train your existing IT auditors on auditing the latest technologies.