Get a quote
IT Audit

IT Audits

What is IT auditing?

IT (information technology) audits examine and evaluate organisations’ IT controls – the policies and procedures that ensure information systems operate as intended.

Whether carried out internally or by independent external auditors, IT audits should provide objective assurance of corporate IT governance, risk management and/or compliance activities.

This will help demonstrate that your organisation is meeting its legal and regulatory obligations in line with its business objectives, or – if it is falling short – inform a programme of improvement.

IT audit and risk management

IT audits are an essential part of enterprise risk management. Like other types of audit, they gather qualitative and quantitative evidence, which can be assessed to identify weaknesses in your operations and inform how you resolve those weaknesses.

They can be carried out against any relevant standard or set of best practices, such as ISO 27001SOC 2, or the CIS Controls.

IT audit standards

Audits can use a variety of standards and best practices as benchmarks, including:

ISO 27001

ISO 27001 is the international standard for an ISMS (information security management system) – a systematic approach to organisational security that encompasses people, processes and technology. Compliant organisations can achieve certification to the Standard to demonstrate that they are following best practice. Part of the process of demonstrating compliance with the Standard is carrying out internal audits at planned intervals.

SOC 2

SOC 2 (Service Organization Control) audit reports provide detailed information and assurance about a service organisation’s security, availability, processing integrity, confidentiality and/or privacy controls, based on their compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria). The TSC are an industry-recognised, third-party assurance standard for auditing service organisations such as Cloud service providers, software providers and developers, web marketing companies and financial services organisations.

CIS Controls

The Center for Internet Security (CIS) Controls are a prioritised set of 20 actions designed to mitigate common cyber attacks on systems and networks. There are six Basic, ten Foundational and four Organizational controls, ranging from creating an inventory of hardware assets to carrying out penetration testing.

IT audit qualifications

SACA® (formerly the Information Systems Audit and Control Association) is an independent non-profit organisation. Its CISA certification is an internationally recognised qualification for information systems audit control, assurance and security professionals. IT Governance is the exclusive approved reseller of ISACA publications and offers a complete range of CISA products, including study guides and training, designed to help you pass the CISA exam at the first attempt.

Learn more about CISA

Lead Auditor

Build your career as a lead auditor, lead a team of auditors and gain the skills to achieve compliance with ISO 27001 with this five-day course. By attending and passing the course exam, you will achieve the ISO 27001 Certified ISMS Lead Auditor (CIS LA) qualification.

Learn more about the Certified ISO 27001 ISMS Lead Auditor Training Course

Internal Auditor

Learn hohttps://www.itgovernance.co.uk/shop/product/certified-iso-27001-isms-lew to drive continual improvement of your organisation’s ISMS, how to identify opportunities for improvement and take corrective action to maintain conformity to the ISO 27001 standard with this certified two-day course. By attending the course and passing the exam, you will achieve the ISO 17024-certificated ISO 27001 Certified ISMS Internal Auditor (CIS IA) qualification.

Learn more about the Certified ISO 27001 ISMS Internal Auditor Training Course

ISO 27001 Internal Audit Service

Implementing and maintaining an ISO 27001-compliant ISMS (information security management system) requires ongoing review. Part of this process is internal audit, which must be carried out at planned intervals in accordance with Clause 9.2 of the Standard.

Our ISO 27001 Internal Audit Service provides a two-day audit of your organisation’s ISMS by a qualified auditor.

Learn more

Cyber Security Health Check

Our Cyber Security Health Check will help you identify your weakest security areas and recommend appropriate measures to mitigate your risks.

It will provide you with a concise and detailed report describing your current cyber risk status and critical exposures, and will draw on best practice to provide recommendations for reducing your cyber and compliance risks.

Learn more

Privacy Audit Service

An internal audit conducted by a privacy expert can help you validate whether your practices are in line with the requirements of the GDPR, PECR (Privacy and Electronic Communications Regulations), or both.

Our experienced data privacy team will assess your organisation’s data privacy and information security practices through an on-site compliance audit, checking them against relevant regulatory requirements, ICO (Information Commissioner’s Office) guidance and established best practice.

Learn more