|
|
|
 |
|
|
|
|||
|
|||
|
|||
|
|
|
|
|
||||||
|
||||||||||
|
Home > Solutions > IT Audits & Compliance | |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
IT Audits & ComplianceIn most companies, key operational processes are managed by Information Technology systems. An IT organization, with well-defined internal controls, enables companies to identify and manage their IT related risks. Ability to manage and contain such risks is critical to ensuring compliance with regulations and mandates such as Sarbanes-Oxley Act (SOx), Gramm-Leach Bliley Act (GLBA), and Health Insurance Portability and Accountability Act (HIPAA).Most organizations regularly test the internal controls within their IT organization to ensure secure and continuous operation of their entire information systems infrastructure. Such controls, typically derived from COBIT control processes, reduce IT related risks and form the basis for good IT governance. In many industries, companies also need to assess their IT systems against frameworks such as ISO 17799 and ITIL to ensure compliance.
The IT Auditing and Compliance process is inherently complex as it involves multiple internal and external stakeholders. Existing audit infrastructures have evolved from the bottom up and organizations lack a single system of record preventing top down visibility and control. MetricStream provides a comprehensive solution for IT Audit and Compliance. Designed to support the COBIT framework, the solution ensures sustained compliance of IT controls at significantly lower costs. By deploying the MetricStream solution, organizations can streamline their IT Audit and Compliance processes and enable multiple stakeholders to have visibility and control. It also provides a single system of record for IT audits by integrating with the various solutions that have already been implemented to automate the testing of various controls. Environment and Process Design: MetricStream solution enables the organization to document the control hierarchy according to COBIT framework, design assessment plans, and setup the IT compliance environment within the organization. Control Assessment: Assessments can be scheduled to test and document the design effectiveness and operational effectiveness of the IT controls. The solution provides a framework that automates the testing of IT controls and reports the results for the entire test - including manual and automated controls, in an integrated manner. Control Improvement: Once any issues are identified and documented, the solution automates the remediation, exception, and disclosure processes, tracks their status, and ensures successful completion. Monitoring Compliance: Role based dashboards and scorecards provide visibility into the ongoing IT compliance efforts within the organization. The solution has the ability to track design status, process ownership, assessment plans, etc. on graphical charts that can be accessed globally and display real-time information. Ability to drill-down provides an easy way to access the data at finer levels of detail. Document Management: An integrated document management system provides a central repository for all documents required for compliance including IT policies, procedures, and system lifecycle documents. Collaborative tools allow authorized users to globally access, create, and modify documents in a controlled manner while maintaining revision history and version control. Training Management: Training management enables the organization to make compliance a part of the company's culture by driving consistency through managing all aspects of employee training. Audit Management: Audit management automates process-level self-assessments and enables internal and external auditors to plan, schedule, and conduct regular audits. |
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
|
|
