Do you benefit from the best possible information system?

Our primary objective is to evaluate the adequacy of the controls performed within the IT department at all levels, so that we can rely on these controls when carrying out our audit procedures. We use the following exhaustive approach:

  • Segregation of duties within the IT organization;
  • Maintenance operations on a set of applications;
  • Operational activities in the IT environment;
  • Management of the IT security;
  • Management of the backups and the business continuity plan.

The following themes correspond to internal control objectives intended to cover the principal risks linked to the use of an ERP:

Technical infrastructure

  • Review of the security measures existing within the technical infrastructure;
  • Software security of the operating system, the database and the network;
  • Physical security of the system;
  • Backups and contingency plan;
  • Resource protection: evaluation of the technological choices, intrusion tests, evaluation and assistance for the implementation of a system architecture and security policy;
  • E-commerce: a wide range of security and cryptography services for testing the strength of the firewall and for efficiently protecting payment transfers and the sending of sensitive information over the Internet;
  • Telecommunications and networks:
    • For telecom operators: analysis and improvement plan for the systems and processes linked to the handling of revenue streams and payment collection.
    • For companies: analysis and optimization of the telecom infrastructure.

Application security

  • Review of the principles and procedures regarding application security;
  • Identification and protection of the ERP's critical transactions;
  • Creation and adaptation of user profiles in line with the principles of segregation of duties;
  • Access monitoring;
  • Maintenance and progress procedures.

Control of the functional processes

  • Assessment of the adequacy of the controls over the risks identified in the functional processes;
  • Examination of the automatic control parameters in the ERP;
  • Implementation of specifically developed programmed controls;
  • Monitoring of the manual controls available in the ERP and/or those that have been tailor-made.