
Technology Audits

 

GRCBUS performs audits of Information Technology and Systems components to meet your specific Governance, Compliance Readiness or Investigation requirements.

 

Some important aspects of our audit methodology are:

 

1. As Certified Information Systems Auditors (CISA) under Information Systems And Controls Association (ISACA), we abide strictly by ISACA's obligations of professional ethics, performance standards and competence, and we perform unbiased, professionally governed audit procedures in all our engagements.

 

2. Where available, we use ISACA’s Audit guidelines. This ensures a comprehensive and professionally competent audit procedure, work-papers, reporting and follow-up actions. We will always explain the ISACA Audit guideline and its implications to the client prior to performing an audit based on ISACA methodology.

 

3. There may be areas of technology for which no specific, direct ISACA guideline or procedure exists. These include emerging technologies for which ISACA has not released a formal guideline (e.g. cloud computing at this point in time) and specific client requirements not covered by ISACA (say, an audit of SCADA systems). In such cases we follow audit principles similar to ISACA standards and guidelines, but we will always explain to the client that we are not using an ISACA guideline in this particular instance, and why.

 

4. Based on the above and related discussions, we will receive an Audit Charter from the client detailing the audit scope, goals, coverage, earlier work, timelines and fees. We will perform the audit exactly as defined in the Audit Charter.

 

5. We use all the prior work available with the client such as audit reports (findings, observations, work-papers), incidents and events connected with the audit area, examiner / regulator reports, internal information on architecture and changes thereto and any other information the client declares and provides access to. This ensures that we build maximum understanding of the risks and remediation efforts and are able to take a historical view of the risk faced by the client in the audit area.

 

6. We provide a detailed audit report at the conclusion of each audit project as per ISACA standards, consisting of:

  1. Scope, Objectives, Period of Coverage

  2. Nature, timing and extent of audit work performed

  3. Findings, conclusions and recommendations

  4. Reservations, qualifications and limitations

  5. Audit evidence

  6. Management Response (if part of audit project)

 

The client gets complete information on the risks in the audit area and the action items required to mitigate the identified risks.

 

7. If management's proposed actions to implement reported recommendations have been discussed with us, or provided to us, as part of the engagement, these actions will be recorded as a management response in the final report, and follow-up activities will be performed against the management response commitments.

 

Please see the individual audit areas where we offer our services.