Scope & Methodology of IT Audit

The scope of work at organizations' premesis consists of following:

Evaluation of the current IT infrastructure.

How might architecture be modified so that it adds more value to the organization?

Evaluate the processes by which systems and/or infrastructure are developed/acquired and tested to ensure that the deliverables meet the organization’s objectives.

Evaluate the IT procurement policies.

Evaluate the readiness of the system and/or infrastructure for implementation.

Perform reviews of systems and/or infrastructure to ensure that they meet the organization’s objectives and are subject to effective internal control.

Evaluate the process by which systems and/or infrastructure are maintained to ensure the continued support of the organization’s objectives and are subject to effective internal control.

Evaluate the process by which systems and/or infrastructure are disposed of to ensure that they comply with the organization’s policies and procedures.

Evaluate data administration practices to ensure the integrity and optimization of databases.

Evaluate the functionality of the IT infrastructure (e.g., network components, hardware, system software) to ensure that it supports the organization’s objectives.

Evaluate the design, implementation, and monitoring of physical access controls to ensure the confidentiality, integrity, availability and authorized use of information assets.

Methodology included review of existing policies and procedures related to information technology, interviews with management and staff, and analysis of pertinent data and records. Tolls used to audit the systems and networks include Open Audit and Dump ACL.