ICT AUDITING SERVICES

1. ICT RISK MANAGEMENT ADVISORY SERVICES
This service is available to clients who are in the pre-implementation stage of commissioning an IT system, simple or complex, that accepts, processes, distributes and delivers, and is the repository for, highly sensitive transactions and information, such as commercial banks, security firms, treasury operations of corporations, and so forth.
The deliverables of the review may be used by the client as a ‘driver’ for the formulation of an IS Strategic Plan and Budget in order to integrate the necessary IS Security Risk Management components into the overall solution.
Alternatively, a client can stipulate the area of concern and the ICT-Risk Management Services Organisation (BKYG CONSULTANTS) will conduct the appropriate reviews and report on all information security weaknesses or breaches in the organization, evaluating the security functionality in a particular application, business operational support, network and paperless solutions, new products being evaluated, and even in a technologically related complex legal contract.

2) ICT POLICY DEVELOPMENT AND ICT MANAGEMENT FUNCTION DEVELOPMENT
This is the most value-added service provided by the ICT-Risk Management Services Organisation (ICT-RMSO), assisting clients in securing themselves thoroughly by operating in ‘auto-pilot’ mode. The ICT-RMSO (BKYG Consultants) will establish and implement an ISP (Information Security Policy), design the specifications necessary for the framework of the IS management function, and implement and train the support team to maintain and enforce the IS policies.
From the deliverables created out of this consultancy service, the client will reach the state of being ‘ISO-ready’ even if such a stage has never been considered achievable previously.

3) ICT STANDARD OPERATION PROCEDURE DEVELOPMENT
This service will complement the development of an ISP (Information Security Policy). The client will be provided the following deliverables:
- Operational procedures that incorporate online functions;
- Flowcharts of the workflow;
- Security access control capability;
- Vital records management;
- Business fall-back / resumption procedures; and
- Internal controls established.

4) IS / ICT MANAGEMENT AUDIT
This is one of the branches of the ICT Audit that the ICT-Risk Management Services Organisation will provide. Its concentration is very much on Financial and Compliance Audit related to the Governance of the ICT functions in the client’s organization.
The areas that this branch of an ICT Audit will cover are physical access to ICT premises, IS-governed access control to the ICT resources (databases, files, records, etc.), and ICT procurement procedures.

5) ICT APPLICATION AUDIT
ICT Application Audit concentrates on how an application behaves in deriving and creating expected results (as intended and stated in Policies and Guidelines) from data processing activities. Inputs, the application’s parameter files and outputs are the three key pieces of information examined initially, followed by random testing to verify that the overall behaviour of an application (or several applications) meets the expected results. Application functionality and performance are evaluated.
Apart from this, Application Audit also looks at infrastructure security and access controls pertinent to the application(s) being audited, involving many different classes of users of the application (such as system administrators, supervisors, data entry operators, etc.), as well as information distribution, retention and disposal procedures, and business continuity.

6) ICT TECHNOLOGY AUDIT
Information Systems / ICT Technology Audit concentrates on the attributes of the technology implemented and configured based on policies and procedures adopted by the client’s organisation.
The main focus of this audit is on:
- Technical platform and security (involving the access control configuration at the operating system level)
- Access controls on resources available on the data network (e.g. databases, applications, folders, networked printers, scanners, CCTV cameras, sensors, etc.)
- Office automation and e-commerce applications enabled by the client’s business.