IT System Audits

  1. Overview

In the post-Enron era, compliance is king.
Failures of controls, as witnessed in the cases of Barings, Enron, WorldCom, etc., have brought the issue to the forefront for management all over the world. Companies are being told by regulators to control key IT information processes and to clearly demonstrate such control through rigorous systems and audits. IT audits are an industry best practice to ensure that a company’s IT systems are robust and sound. An IT audit may include audits of the IT infrastructure, Web applications, network security, and application security, as well as a vulnerability assessment and penetration test.

  1. Approach

Seven Step Consulting offers professional audit services for entire IT systems or a part of them. Battle-tested Seven Step Consulting IT auditors will help you obtain evidence to determine whether your information systems are safeguarding your assets, maintaining data integrity, and operating effectively and efficiently to achieve the organization’s goals or objectives.

Seven Step Consulting uses an industry-standard project management methodology to conduct the audit. Our project team includes CISAs, CCNAs, CCNPs, CISSPs, CEHs, ISO27001LAs and ISO20000LAs.

  1. Benefits

Our professional IT System Audit is the difference between a business whose IT drives greater productivity, and a business whose IT wastes countless hours of staff time each year and is exposed to significant unseen but very apparent business threats. A clear view of your entire IT infrastructure could help you achieve substantial financial savings, avoid security, compliance and productivity issues, and help you:

  • Achieve software compliance
  • Reduce costs – unused software licensing, unutilised assets, redundant maintenance contracts
  • Improve application supportability and reduce support costs
  • Reduce power consumption and carbon footprint
  • Reduce security threats
  • Reduce cost of your IT infrastructure –
  • Robust, redundant and secure network architecture
  • Security & Compliance Intelligence
  • Updated and manageable information risk portfolio
  • Impenetrable first line of defense and defense in depth (layered protection)
  • Increase desktop and server utilisation rates
  • Identify best consolidation and virtualisation targets
  • Create a predictable investment plan
  • Asset listing and analysis of:
    • All hardware, software for your accounting/budgeting and equipment lifecycle planning
    • Environmental conditions for equipment including heat and power protection
    • Network architecture and network design analysis and network diagram
    • Desktops
    • Network devices, security devices, network management
    • Network administration
    • Operating systems versions and security/bug patching
    • Security Analysis on multiple levels.
    • RDBMS
    • Web servers
    • E-mail servers and other application servers
    • Backup systems hardware, software, data sets, disaster readiness and risks
  • Vulnerability assessment and penetration tests

  1. Deliverables

The key deliverables include:

  • Report on appropriateness of hardware in all PC-based equipment and how that impacts performance
  • Report on server hardware appropriateness, performance, levels of redundancy and any associated risks.
  • Network Architecture Review Report – covering the loopholes in the current IT network architecture and threats due to them
  • Security Architecture Design Report – Either a redesign of existing security architecture or a completely new design.
  • Vulnerability Assessment And Penetration Test Reports
