中文     English
  Consulting Services
  Auditing Services
  Implementation Services
  Outsourcing Services
 
Auditing Services

The primary functions of an IT audit are to evaluate the system's efficacy and security protocols, in particular, to evaluate the organization's ability to protect its information assets and properly dispense information to authorized parties. The IT audit's agenda may be summarized by the following questions:

  • Will the organization's computer systems be available for the business at all times when required? (Availability)
  • ill the information in the systems be disclosed only to authorized users? (Confidentiality)
  • ill the information provided by the system always be accurate, reliable, and timely? (Integrity)

The IT audit focuses on determining risks that are relevant to information assets, and in assessing controls in order to reduce or mitigate these risks. By implementing controls, the effect of risks can be minimized, but cannot completely eliminate all risks.

MTC can provide five specific approaches to carry out an IT audit:

  • Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.
  • Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
  • Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
  • Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
  • Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.