Altius IT Roadmap (AIR)
Audit and Assessment RoadmapRisk
assessments may be the most important step in the
risk management process. Altius IT's risk
assessments and audits help organizations identify,
manage, and reduce their IT related risks. The
Altius IT Roadmap (AIR) helps guide our clients
through the audit and assessment process. For
more information, see our
Audit and Assessment
Guide.
Ten Step Audit and Assessment Process
1. Identify Audit Objectives
Altius IT meets with you to identify and document
your audit and assessment goals and objectives.
To deliver maximum business value, our services are
customized to your specific needs.
2. Industry Standards and Regulations
Altius IT identifies industry standards and
regulations that apply to your organization.
Any compliance requirements are identified prior to
the beginning of the engagement. These are
then used as benchmarks during the audit process.
3. Risk Assessment
Altius IT reviews your systems, people, and
processes to determine the areas that create the
greatest risks.
4. On-site Review
In most instances, an Altius IT project team is
on-site reviewing your IT systems and meeting with
your staff. Our services includes a review of
your users and their use of your information
systems. Upon conclusion of our on-site
review, Altius IT provides a brief summary of any
high priority issues discovered during our on-site
services.
5. Analysis
Altius IT compares your organization with
industry standards and regulations. Any "gaps"
(areas that create additional risk) are identified.
Risks are analyzed according to the magnitude of the
potential loss as well as the probability of the
event.
6. Assessment Report
Altius IT provides an Assessment Report of our
findings, alternatives, and our recommendations.
Our report includes an Executive Summary as well as
detailed findings and statistics for your specific
industry.
7. Action Plan Report
Altius IT provides an Action Plan Report of
correction action needed to mitigate and reduce IT
related risks. Our prioritized action plan of
recommendations adds value by helping allocate your
IT funding to those areas that have the greatest
impact at reducing risks.
8. Correction Action
In most instances, Altius IT's clients must take
some form of corrective action to secure information
systems or meet compliance requirements.
9. Compliance Letter
If requested, Altius IT can provide a brief
follow-up review to ensure the appropriate
corrective action has occurred and controls are in
place. If requested, Altius IT can provide a
Compliance Letter stating that your organization now
meets minimum standards and compliance requirements.
10. Evaluation
Since new and emerging threats evolve on a
regular basis, audits and assessments must be
performed regularly. Altius IT helps your
organization keep on top of these threats by
scheduling future audits on a quarterly or annual
basis.
Why Altius IT
We are certified by the Information Systems
Audit and Control Association as Certified
Information Systems Auditors (CISA). Altius IT's experts provide outside,
independent assessments that
help organizations:
- Achieve compliance with industry
standards
- Develop strong relationships with your
customers
- Minimize business and IT related risks
- Reduce costs while ensuring information
protection
|
