Quick Links

	Information Security Top 10 Lists
	Security Policies and Procedures
	Industry experience in this area
	Award winning security newsletter
	Contact our experts for more info

Altius IT Roadmap (AIR)

Audit and Assessment Roadmap

Risk assessments may be the most important step in the risk management process. Altius IT's risk assessments and audits help organizations identify, manage, and reduce their IT related risks. The Altius IT Roadmap (AIR) helps guide our clients through the audit and assessment process. For more information, see our Audit and Assessment Guide.

Ten Step Audit and Assessment Process

1. Identify Audit Objectives

Altius IT meets with you to identify and document your audit and assessment goals and objectives. To deliver maximum business value, our services are customized to your specific needs.

2. Industry Standards and Regulations

Altius IT identifies industry standards and regulations that apply to your organization. Any compliance requirements are identified prior to the beginning of the engagement. These are then used as benchmarks during the audit process.

3. Risk Assessment

Altius IT reviews your systems, people, and processes to determine the areas that create the greatest risks.

4. On-site Review

In most instances, an Altius IT project team is on-site reviewing your IT systems and meeting with your staff. Our services includes a review of your users and their use of your information systems. Upon conclusion of our on-site review, Altius IT provides a brief summary of any high priority issues discovered during our on-site services.

5. Analysis

Altius IT compares your organization with industry standards and regulations. Any "gaps" (areas that create additional risk) are identified. Risks are analyzed according to the magnitude of the potential loss as well as the probability of the event.

6. Assessment Report

Altius IT provides an Assessment Report of our findings, alternatives, and our recommendations. Our report includes an Executive Summary as well as detailed findings and statistics for your specific industry.

7. Action Plan Report

Altius IT provides an Action Plan Report of correction action needed to mitigate and reduce IT related risks. Our prioritized action plan of recommendations adds value by helping allocate your IT funding to those areas that have the greatest impact at reducing risks.

8. Correction Action

In most instances, Altius IT's clients must take some form of corrective action to secure information systems or meet compliance requirements.

9. Compliance Letter

If requested, Altius IT can provide a brief follow-up review to ensure the appropriate corrective action has occurred and controls are in place. If requested, Altius IT can provide a Compliance Letter stating that your organization now meets minimum standards and compliance requirements.

10. Evaluation

Since new and emerging threats evolve on a regular basis, audits and assessments must be performed regularly. Altius IT helps your organization keep on top of these threats by scheduling future audits on a quarterly or annual basis.

Top 10 Audit Questions

Still in the process of selecting an IT auditor? Ask your auditor these Top 10 audit questions.

Why Altius IT

We are certified by the Information Systems Audit and Control Association as Certified Information Systems Auditors (CISA). Altius IT's experts provide outside, independent assessments that help organizations:

Achieve compliance with industry standards
Develop strong relationships with your customers
Minimize business and IT related risks
Reduce costs while ensuring information protection