IT audit is an increasingly difficult challenge for organizations that involves both internal and external stakeholders.   An IT Audit can originate from many different directions including external regulations, internal audit, or executive directive.   In all cases, many organizations regularly test IT controls to ensure that IT systems meet business expectations.   The resulting assessment helps organizations, stakeholders, and executives better understand the state of IT by answering questions about operations:

  1. Will the organization's computer systems be available for the business at all times when required?
  2. Will the information in the systems be disclosed only to authorized users?
  3. Will the information provided by the system always be accurate, reliable, and timely?

IT is an integral part of every organization, and understanding the risks of IT as they relate to the individual organization is the IT Audit’s primary goal.  Whether have an existing framework, looking to build an IT framework, or just need an audit around regulations such as COBIT, ISO 27002, NIST, ITIL, NERC, HIPAA, PCI, Basel II, FISMA, GLBA, SOX, and FFIEC, then PBTK can help.

Please contact Sam Belnap, PBTK’s Director of IT Risk Management, for more information.