Assessments/ Auditing for Effectiveness
Audit assessment is the process of collecting and evaluating evidence to determine whether a management system has been designed to maintain quality of the deliverables and allows organizational goals to be achieved effectively, while ensuring efficient resource utilization. STRATEGIQA has vast experience in auditing all types of management systems.
The objective of the audit trail is to obtain sufficient evidential matter regarding the reliability and effectiveness of the management system. To achieve this, STRATEGIQA obtains enough information from management and the users. Our focus is to recreate processing actions and to trace the sources of intentional and unintentional errors. Our comprehensive coverage, with constant focus on business risk management, has been appreciated by all our clients, who have gained immense value additions.
Through audit assessment, STRATEGIQA provides diagnosis, sets the standards, evaluates progress, motivates performance, and summarizes the possible defensive measures, their costs, and the estimated probable savings from better protection. We prepare a proactive maintenance program for temporary files, regular disk defragmentation, spyware cleaning, and other tasks that are required to keep client systems operating at peak efficiency and effectiveness in the future. We help clients prepare a plan of action for cleaning up any problems discovered in our assessment.
The audit of any management system is based on risk assessment and risk management principles. Risk assessment is the identification and analysis of significant risks which can hamper the achievement of the objectives, forming a basis for determining how the risks should be managed. A formal risk identification process must identify the extent and nature of the risk, the circumstances under which risks arise, the causes, and potential contributing factors. Risk management is a process aiming at an efficient balance between realizing opportunities for gains and minimizing vulnerabilities and losses. It is an integral part of management practice and an essential element of good corporate governance. The auditing of security-relevant events and the monitoring and tracking of system abnormalities are key elements in the detection of and recovery from security violations. Risk management should be an endlessly recurring process consisting of segments which, when properly implemented, enable continuous improvement in decision-making and performance.
The policies and procedures of an ISMS that help ensure management directives are carried out are called the controls. Control activities are closely related to risks in an organization. Other control activities include authorization, financial information reconciliation, asset verification, and appropriate delegation and segregation of duties. Control activities may be preventive or detective, and should be evaluated based on the benefits and associated costs. Risk is a function of the likelihood of a given threat exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. To determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system. An IT auditor must know the characteristics of the users of the information system and the decision-making environment in the organization while evaluating the effectiveness of any system.
Any system needs to be monitored periodically to ensure that effective compliance exists while meeting the business objectives. STRATEGIQA conducts these periodic system health checks to apprise management of the system's health and recommend actions for improvement, considering the users' needs assessment and the organizational setting. Our IT audits evaluate the reliability of computer systems. In addition, they examine the adequacy of controls in information systems and related operations to ensure system effectiveness. Data integrity relates to the accuracy and completeness of information as well as to its validity in accordance with the norms.
An effective information system leads the organization to achieve its objectives, and an efficient information system uses minimum resources in achieving the required objectives. STRATEGIQA follows an appropriate audit approach that considers the preliminary evaluation, the extent to which reliance can be placed on any work carried out by Internal Audit, and the nature of any constraints, such as the lack of an audit trail and the practicability of testing.
Effective compliance testing covers key IT controls, and each control to be tested will require large samples. We also consider system information, including start-up time, stop time, restarts, recovery, etc.; transaction information, including input items which change the database, control totals and rejected items; and communication information, including terminal log-on/off, password use, security violations, network changes and transmission statistics.
An inventory of all hardware and software in use is the beginning of our IT assessment. The assessment also includes an analysis of antivirus and effective spyware protection, to ensure that client systems are protected against outside threats introduced by Internet access or by the transfer of information into client systems from other sources.
STRATEGIQA conducts a comprehensive workshop on planning and conducting management systems audits, which includes actual auditing practice sessions. The participants learn how to identify systemic weaknesses, how to validate the system and how to report the findings.