The following are the Top 10 questions you
should ask your IT auditor.
1. How do I get compliance certified?
To meet compliance requirements, you must use an auditor that is
certified to audit and assess your systems.
Altius IT provides Certified Information Systems
Auditors (CISA) as a part of each engagement.
2. Are you independent?
Auditors must be independent and not influenced by a
prior working relationship with your
organization. In other words, individuals
that provide IT services (in-house or
outsourced) to your organization can't also be
your IT auditor. By being independent, Altius
IT remains unbiased and doesn't have preconceived
agendas that may not be in your best interests.
3. Do you specialize in IT audits?
Altius IT specializes in providing audit and
assessment services. We review your
technology systems, business processes
and procedures, and your
staff to determine if the right things are being
done the right way in a cost effective and
efficient manner.
4. What is your audit experience?
Altius IT's
staff has the certifications and experience.
Since 1993, we've performed over 1,000 audits
and assessments. Our
experienced auditors understand the importance
of evaluating technology systems, people, and
processes. All three must be examined to
help you identify, manage, and reduce your
risks.
5.
How is the engagement managed?
Each engagement is overseen by an Altius IT
project manager with 30 years of management and
technical experience. Altius IT staff are
directly supervised and directed by the project
manager to ensure your goals, objectives, and
deadlines are met. See the
Altius IT Roadmap
(AIR) for an overview of the audit process.
6. Does your scope include a review
of controls?
Altius IT provides a comprehensive 360 degree
view of your organization. In addition to
technical controls, our auditors examine and
evaluate procedural controls
(operations procedures), legal controls
(software licenses etc.), human resources
controls (confidentiality agreements, etc.),
risk management controls (business continuity,
cyber crime insurance, etc.), and other types of
risk management.
7. What type of deliverables
(reports) do I get?
Many companies provide computer report dumps
that have little meaning to executives and
business professionals. Altius IT's
deliverables provide real value:
- Assessment Report - a report of
our findings and evaluation of risks.
Our assessment report reviews over
50+
different subject areas.
- Action Plan Report - we analyze
the information in our Assessment Report and
prepare a risk response action plan plan
with prioritized recommendations and steps
to manage your risks.
- Compliance Letter - if requested,
Altius IT can provide you with a Compliance
Letter, stating that your systems meet
minimum standards and compliance
requirements.
8. What auditing standards are used
when assessing our firm?
As an active member of the Information Systems
Audit and Control Association (ISACA),
Altius IT's compliance audits and assessments help
your organization meet industry standards and
guidelines.
9.
What are your certifications and affiliations?
Members of the Altius IT audit team hold the following certifications,
qualifications, and affiliations:
- Management qualifications - each
Altius IT project manager has over 30 years
of project management experience
- Professional associations
- Altius IT is a member of the Information Systems Audit and Control
Association (ISACA), Association of Contingency
Planners (ACP), Technology Professionals
Association (TPA), and Association of
Professional Consultants
- Technical certifications - Altius IT's
engineers hold many certifications including Certified
Information Systems Security Professional (CISSP
the world's leading qualification in information
security), Microsoft Certified Systems Engineer
(MCSE),
Certified Cisco Network Administrator (CCNA),
Intrusion Prevention Professional, Certificate
in Data Processing (CDP)
- Academic qualifications - Master of Science in
Management Information Systems (MIS), Bachelor
of Science in Accounting
- Recognition - Altius IT has been
featured on national television and in over
40 publications including the Wall Street
Journal, USA Today, Business Week, the Los
Angeles Times, and many others.
For more information, please visit
In the News.
10. Why should we choose your firm?
You need a firm that understands your
industry and technology systems.
Altius IT has performed hundreds of audits and
assessments. We understand the underlying
technologies that support your business
functions. We are familiar with the
various threats and
vulnerabilities associated with your business
processes, people, and technology systems.
