Business, Technology, Internet and netwo
 

Technology Audits

A COMPREHENSIVE APPROACH

Technology audits examine the risk management controls within an Information technology (IT) environment. The evaluation of obtained evidence determines if the architecture design and implementation safeguards assets, maintains data integrity, and operates effectively to achieve the organization's goals or objectives.



 
application-stack%20(1)_edited.jpg
 

The easiest approach to evaluating coverage of all the application stack layers is to break the stack into three main groups based upon their function within the service delivery.


Infrastructure Audits: Form the foundational, support framework upon applications reside.  


Application Development & Support Audits: Evaluate the activities specifically related to the development, testing, and promotion of application code to the live production environment. ​


Information Security Audits: Focus on the risk management strategies surrounding the confidentiality, integrity, and viability of​ information.

Shot of Corridor in Working Data Center
Coding software developer work with AR n
99072483_l.jpg

Infrastructure Audits

THE PRIMARY FOCUS OF INFRASTRUCTURE AUDITS IS TO EVALUATE WHETHER THE TECHNOLOGY CAN MEET THE SECURITY, STABILITY, AND FUNCTIONALITY REQUIREMENTS OF THE BUSINESS APPLICATIONS DEPLOYED WITHIN THE ENVIRONMENT.

Application Development and Support Audits

FOCUSES ON THE PROCESSES, PROCEDURES, AND TOOLS RELATED TO THE DEVELOPMENT, TESTING, AND DEPLOYMENT OF THE SPECIFIC APPLICATIONS SUPPORTING THE VARIOUS BUSINESS FUNCTIONS ACROSS THE COMPANY.

Information Security Audits

FOCUSES ON THE IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION ACTIVITIES DESIGNED TO PROTECTION INFORMATION.

 

Why Engage CTSA?

For each technology audit CTSA personnel will –  

  • Obtain an understanding of the activity being audited. The extent of the knowledge required should be determined by the nature of the enterprise, its environment, areas of risk, and the objectives of the engagement.

  • Consider subject matter guidance or direction, as afforded through legislation, regulations, rules, directives, and guidelines issued by government or industry.

  • Perform a risk assessment to provide reasonable assurance that all material items will be adequately covered during the engagement. Audit strategies, materiality levels and resource requirements can then be developed.

  • Develop the engagement project plan using appropriate project management methodologies to ensure that activities remain on track and within budget.

  • Include in the plan assignment-specific issues, such as:

    • Availability of resources with appropriate knowledge, skills, and experience

    • Identification of tools needed for gathering evidence, performing tests and preparing/summarizing information for reporting

    • Assessment criteria to be used – Reporting requirements and distribution

  • Document the technology audit or assurance engagement’s project plan to clearly indicate the:

    • Objective(s), scope, and timing

    • Resources

    • Roles and responsibilities

    • Areas of risk identified and their impact on the engagement plan

    • Tools and techniques to be employed

    • Fact-finding interviews to be conducted

    • Relevant information to be obtained

    • Procedures verify or validate the information obtained and its use as evidence