Complexity of IT technology and progress, which recently has been observed, influence management perspective - every decision have to be supported with appropriate analyzes of available technology. Because of that boards in organizations look for specialists, who can make a research and give objective advise. In this way they minimize and mitigate risk connected with undertakings and avoid costs of implementation of solution, which is not reasonable and effective, and, sooner or later, they limit costs of maintenance of a new IT solutions.
Information systems audit is independent and objective activity, performed by experienced specialists, which effectively describe status and real requirement in relation to IT infrastructure, with taking into consideration overall technical, legal and organizational aspects. Sometimes audit could be mistakenly seen as activities focusing on verification of licenses or systems security review. Auditor should be an equal partner for CIO and by his/her activities should support organization in goals achievements and ensure management that organization plays according to the established rules. Auditor should have appropriate experience (min. 10 years) and qualifications and designations validated by independent industrial organizations like CISA/CISM certificates issued by ISACA. Auditor work should be systematic, established and consistent with audit process described by certification organizations. Activities performed by people inconsistent with practices described by those organizations should NOT be treated as information system audit.
DOBIS engages experienced auditors, who can effectively support organizations in goal achievements. The company uses both standardized audit processes and the market audit practices. Furthermore , DOBIS uses standards and best practices like:
COBIT, ITIL, ISO 7799, ISO 27001, ISO 20000, PMI, COSO, SOX, Basel II, etc.
TK
24.01.2008
