As auditors we specialise in the evaluation and even certification of internal controls in all areas, including controls over information technology and security. Given our extensive client portfolio, our people get exposure to common practices in both small and large IT environments. As we are often also called in when there is a problem or issue, we get to witness not only what works well, but equally what does not work.
Even a relatively small audit can quickly highlight areas in need of attention or requiring a more detailed review. We have proprietary methodologies but also commonly conduct assessments using standards such as COBIT (Control Objectives for IT, from ISACA), ITIL (the IT Infrastructure Library), standards from the ISF (Information Security Forum) or ISO standards (e.g. ISO 27001 and 27002, the former ISO 17799). Our approach is flexible and always tailored to your specific needs. We do high-level overall assessments in just 3 days as well as detailed audits where we spend several weeks on a single process.
As a result, we can help you tackle security at the level of:
- Security policies, standards and procedures, including information classification schemes and security awareness campaigns;
- IT management processes such as change and problem management, security administration, asset and configuration management, operations, disaster recovery and business continuity planning (DRP and BCP);
- Operating systems, databases and networks;
- Security and administration tools (Active Directory, identity management solutions, Public Key Infrastructures, intrusion detection systems, security baseline tools, etc.);
- In-house developed applications or standard software packages (for ERP, such as SAP, Oracle Financials, JD Edwards, but also Axapta, Thaler, …).
PwC is an accredited ISO assessor and we specialise in helping clients get ready for certification against ISO 27001, which is increasingly becoming a common vehicle for information security improvement projects.
Whereas our Systems and Process Assurance group focuses on assessments of information security, we also often seamlessly and successfully team up with our Advisory colleagues in order to not only highlight potential issues, but also develop tailored solutions and help you implement them. In addition, this combination allows us to cover aspects of IT Governance other than security, i.e. the alignment of your IT function, systems and network architecture to your business goals, how to manage your IT financials, and improving the operational performance of your IT department in general, from both an efficiency and an effectiveness perspective.