The IT auditing process is inherently complex, as it involves multiple internal and external stakeholders. Existing audit infrastructures have evolved from the bottom up, and organizations lack a single system of record, which prevents top-down visibility and control. Moreover, companies leveraging outsourced services that impact their own control environment rely on SAS 70 service auditor reports to gain an understanding of the IT processes of their service providers.
Most organizations regularly test the internal controls within their IT organization to ensure secure and continuous operation of their entire information systems infrastructure. Such controls, typically derived from COBIT control processes, reduce IT-related risks and form the basis for good IT governance.
MetricStream provides a comprehensive IT Audit Management solution for IT audits and assessments. Designed to support the COBIT framework, the solution ensures sustained compliance of IT controls at significantly lower costs. By deploying the MetricStream IT Audit Management solution, organizations can streamline their IT audit and assessment processes and enable multiple stakeholders to have visibility and control. It also provides a single system of record for IT audits and assessments by integrating with the various solutions that have already been implemented to automate the testing of various controls.
Risk-based IT Audit Planning: MetricStream supports risk-based IT auditing and allows selecting IT processes, assets, projects and other audit entities to define the scope of the audit based on risk assessments. The solution integrates with third-party tools to gather risk and vulnerability information about IT systems (such as weak passwords and unused ports on a web server) so that auditors can plan audits based on the risk profile of IT assets.
IT Audit Projects: IT audit projects can be scheduled periodically based on the annual audit plan or triggered on an ad-hoc basis for specific processes, projects or applications. Based on the master audit calendar, an auditor or a team of auditors can be selected and assigned the audit responsibility with a due date. Automatic notifications are sent to the auditor as well as the entity to be audited. Work papers with fully configurable workflows are created by the solution to allow auditors to document the activities carried out and the results of procedures associated with an audit project.
IT Audits and Assessments: The application enables IT auditors to record qualitative or quantitative findings along with detailed observations and recommendations in predefined formats alongside the checklist of evaluation criteria and questions. The system also supports a systematic mechanism for triggering self-assessments and surveys related to IT controls in a consistent, reliable and predictable manner. Audit managers can track the status of the audit and measure the progress against milestones to ensure timely execution. Time tracking capability captures the time spent in auditing for optimal resource utilization.
IT Audit Reviews: The solution routes audit findings, observation reports and auditors' recommendations for review and subsequent actions. Findings are sent to the process owners to seek responses on findings or issues observed. The application has built-in workflows for reviewing responses for approval or rejection, with options to initiate remedial actions for undesirable variations and trends as well as to schedule follow-up audits.
IT Audit Reports and Metrics: The solution provides comprehensive capabilities for compiling IT audit reports and work-papers. It provides complete visibility into the audit process with easy status tracking. The system allows access to all audit data and histories as well as analysis of auditor performance and audit results. Graphical executive dashboards and flexible reports with drill-down capability provide statistics by a variety of parameters such as by audited entities, audit schedule and calendar, finding reports, and corrective and remediation actions triggered.