Mandem Consulting can provide a virtual IT Audit function that uses state of the art methodologies and tools to ensure technology risks are identified and that a balanced approach is used to review IT threats and controls. Through this process we evaluate the adequacy of technology controls and the level of compliance with established standard operating procedures and best practices.
Types of IT Audits:
- Logical Security Reviews (All Platforms)
- Operating Systems Reviews (Windows, UNIX, and Mainframe)
- Disaster Recovery Reviews
- ERP Control Reviews (SAP, Oracle, and Peoplesoft)
- External Audit Assistance for year end annual engagements
- Project Management Reviews
- Application Control Reviews
- System Development Life Cycle Reviews
- Network/Client Server Reviews
- Data Center Reviews
Service Auditor Report (“SAR”) or a SAS70 Report
Certain service providers (e.g. computer processing service bureaus and ASP’s) are required to make available a periodic report performed by an independent public accounting firm that discloses the adequacy of information systems controls and the level of compliance with the organization’s standard operating procedures. This report is also referred to as a Service Auditor Report (“SAR”) or a SAS70 Report. Mandem Inc. can perform these procedures and prepare the SAR report.
Mandem Consulting also provides an AICPA audit assurance service called SysTrust. The SysTrust engagement and report provides a client with assurance that their systems are , in fact, reliable. When we perform a SysTrust review, we use the following four principles to evaluate whether a system is reliable:
- Avalability. Does the system operation and provide information in accordance with its stated availablility and is accessible when routine processing and maintenance must be performed?
- Security. Is the system protected against unauthorized physical and logical access? Logical access is the ability to read or manipulate data through remote access. Restricting system access helps prevent potential abuse of system components, theft or system resources, misuse or system software and improper access to and use of information.
- Integrity. Is system processing complete, accurate, timely and authorized?
- Maintainability. Can the system be updated to provide continued availabilit, security and integrity?
This report provides technical assurance that systems are reliable for smaller middle market organizations.