IT Audit & Risk Consulting

IT Audit and Risk Consulting

The IT Audit and Risk Consulting practice offers a full range of technical IT audit services which employ recognised baselines and standards to assess a variety of focus areas including IT general computer controls, network and server security, wireless security, database and application security.

Our work is focussed on mainly state and federal government departments that have a legal obligation to conform to legislative requirements pertaining to IT general computer controls and risk management requirements. We also provide services to corporate entities running large ERP applications over segregation of duties, application controls and the supporting IT control environment. This also includes “backdoor” access to circumvent application controls.

Our methodologies have been developed from recognised standards and baselines and are fully scalable to meet different legislation, governance and policy requirements. Some baselines we use include:

  • ISO AS/NZS 27000 series of information security management standards for IT general computer controls
  • COBIT 5.0 (Control Objectives for Information and related Technology) for IT governance
  • ITIL 3.0 (Information Technology Infrastructure Library) for service management
  • Vendor guidelines for server, network and end-user computing security

We use a variety of commercial and recognised freeware tools to assess vulnerabilities.

With over 30 years of technical expertise in the field of IT our team can provide technical reviews with outcomes reported in layman’s terms which are easily understood by Boards, corporate executive and audit committees.

Our strong understanding of current industry standards and ability to adapt organisational specific processes, risks and priorities allows us to undertake unique engagements that provide independent assurance, strategies, designs etc to applicable stakeholders within the organisation.