• A site by BDO Mauritius

IT Assurance


Overview

With technology increasing in sophistication and complexity, it is essential that your Board of Directors and Senior Management have access to leading-edge IT Assurance skills that bring value and insight to your business.

Drawing on our industry-proven experience and knowledge, our professionals will help you manage your information risk exposure and reduce IT risks in a sustainable manner.

 

IT General Controls Audit

Our dedicated IT Audit team reviews the existence and effectiveness of the controls in the IT environment within which your information systems are developed, maintained and operated.

Based on ISO 27001, our IT audit methodology covers the following: security policy, organisation of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management and compliance.

 

Application Controls Review

We perform application controls reviews to assess whether the software in use accurately and adequately serves the business functions and operations. These reviews cover the input, processing, and output functions of each business application and are done through walkthroughs of the different business processes and data analysis.

The main objectives are to identify possible risks related to the business activity served by the application (worst case scenarios) and assess the inherent controls in the system that address these risks.

 

Data Integrity and Reports Integrity Review

Information integrity is fundamental to meaningful decision-making. We use specialised data interrogation and data analytics tools such as ACL and IDEA to uncover potential data inconsistencies and recommend steps to remediate them.

 

User Access Rights Review

User access rights reviews help to identify the privileges of each user based on their roles and functions within the organisation. These reviews help our clients to verify and monitor users' access to key business and support systems. Any access modification or addition, as recorded in the historical log, is also assessed and cross-verified against the corresponding change in business requirements.


 

ISO 27001 Audit

Should you be seeking a renowned security certification or looking to improve your IT security stance, we can assess your IT security controls against the ISO 27001 IT security standard. The process includes:

  • Reviewing the documentation of your Information Security Management System
  • Creating checklists for specific policies, procedures and plans
  • Planning and performing the audit
  • Reporting and follow-up

     

System Change and Data Migration Review

Data migration is a major concern when changing IT systems. There are several challenges to consider, and our team of data analysis experts will help you reduce the business impacts of data migration (down-time, data loss and increased costs) by establishing a method that includes planning, technology implementation and validation, and that is reliable, trustworthy and repeatable.

Moving the data into the new environment is important to the overall integrity and quality of the data being used post go-live. We will assess the quality of the processes to extract, transform and load the data into the new environment. This phase will also evaluate the adequacy of the data privacy controls in place as data is migrated.

 

Software Testing

We prepare and perform software tests to validate that the software or application in use meets business and technical requirements. These tests help identify any functional or security gaps, system errors or misconfigurations.

 

Project Assurance

We provide the independent challenge and insight you require. Our methodology focuses on the six layers that provide the key foundations for every project. We can tailor our approach to meet your specific requirements, with all or only some of the layers in scope for review:

  • Project Initiation
  • Specification and Procurement
  • Design Effectiveness
  • Project Management
  • Testing
  • Training