New IT Risk Services has developed a highly successful IT audit methodology, based on three main elements:
Practical, hands on approach
Mix of solid evidence based activity and in-depth consultancy work
We provide a portfolio of services to your company, unique in the industry
Ad Interim IT audit director/manager:
Thanks to many years of experience at executive level, we can take care of your IT audit department in a supervisory role, leading the IT audit function for a period of time according to commonly accepted best practices and/or existing internal rules and procedures.
As experienced people manager, we can take responsibility for a large group of professionals, assisting your company in moments of leadership transition, business reorganization and restructuring, mergers and transformation.
IT audit function review and reengineering
We can review and assess your IT audit department and assist you in transforming it into a partner in business. Companies concerned with the effectiveness of their IT audit function, interested in a new approach to this activity, can count on our business and result focused approach
IT audit engagements
Extended ISACA standard: we follow IIA and ISACA guidelines, as CISA (Certified Information System Auditor), but we also evaluate IT controls according to a range of different standard and best practices, like CoBIT and ITIL. Concerned with IT security? As Certified Information System Security Professional (CISSP) we can evaluate your security exposures according to leading and worldwide accepted guidelines.
ISO 27001: we can audit according to the ISO 27001 standard, as certified Lead Auditor from the British Standard Institute (BSI). We can also assist in preparing for ISO 27001 certification, assessing your preparedness.
- Customized IT audit: many companies have developed their own IT audit standard, and we can perform IT audits according to YOUR best practices, ensuring compliance with internal rules and procedures. All we need is your IT audit program!
- Fraud and investigations: we can assist your company in searching for evidence present in IT systems. E-mail, system and database logs often contain a wealth of information about what has happened in the past. Systems and program configuration analysis can assist in determining if certain activities could take place, and how. Video recordings, physical access systems and telephone logs can be analyzed in depth to ascertain a number of facts. In many jurisdictions, these elements can be used as evidence.
New IT Risk Services can be engaged on a short, medium and long-term basis. We are available to perform:
ONE - On-demand engagements (one-off)
MANY - A number of different reviews
ALL - Taking care of the whole IT audit cycle within your company.