Information Technology (IT) Audit Management
In most companies, key operational processes are managed by Information Technology systems. An IT organization, with well-defined internal controls, enables companies to identify and manage their IT related risks. Ability to manage and contain such risks is critical to ensuring compliance with regulations and mandates such as Sarbanes-Oxley Act (SOx), Gramm-Leach Bliley Act (GLBA), and Health Insurance Portability and Accountability Act (HIPAA).
Moreover, companies leveraging outsourced services that impact their own control environment rely on SAS 70 service auditor reports to gain an understanding of the IT processes of their service providers.
Most organizations regularly test the internal controls within their IT organization to ensure secure and continuous operation of their entire information systems infrastructure. Such controls, typically derived from COBIT control processes, reduce IT related risks and form the basis for good IT governance.
In many industries, companies also need to assess their IT systems against frameworks such as ISO 17799, ITIL and SAS 70 audits to ensure compliance.
The IT auditing and compliance process is inherently complex as it involves multiple internal and external stakeholders. Existing audit infrastructures have evolved from the bottom up and organizations lack a single system of record preventing top down visibility and control.
MetricStream provides a comprehensive IT Audit Management software solution for IT audits and compliance . Designed to support the COBIT framework, the solution ensures sustained compliance of IT controls at significantly lower costs.
By deploying the MetricStream IT Audit Management software solution, organizations
can streamline their IT auditing and compliance management processes and enable multiple stakeholders to have visibility and control. It also provides a single system of record for IT audits by integrating with the various solutions that have already been implemented to automate the testing of various controls.