Hardware and Software Audit
Our IT audit professionals have experience working as "Big Four" IT
auditors, IT management and internal IT auditors for some of the nation's largest
companies. Let our proven methodologies and IT audit solutions add value to
your company.
Our IT Audit Solutions include:
IT Audit Co-Sourcing
IT Application Reviews
IT Infrastructure Reviews
Threat and Vulnerability Assessments
IT Risk Assessments
IT Policy and Procedure Reviews
Regulatory Compliance Reviews
Staffing the IT audit function internally is difficult for companies: most IT
environments are complex, and covering them requires several IT auditors. EasySAM
will partner with your Internal Audit department to perform audits in the high-risk
IT areas that management and the Audit Committee need to address
immediately. Our experienced IT audit professionals identify higher quality
audit findings and provide real solutions to assist your IT department in strengthening
your company's controls.
EasySAM examines Change Controls, Access Controls, and IT Application Controls.
In addition to strengthening these IT controls, we team with our CPAs to identify
revenue leakage in your operational IT applications using data analysis and
data mining techniques.
Perform Change Control and Access Control reviews for all ERP packages (Oracle,
SAP, PeopleSoft, JD Edwards, Macola, Lawson, Great Plains, MAS 90, MAS 200,
etc.), Commercial Off-The-Shelf (COTS) software, web-based applications, custom-developed
applications, end-user computing applications, etc.
Review and strengthen existing IT application controls (e.g., correct segregation
of duties issues and replace manual controls with automated IT controls)
Identify opportunities to implement new application controls to streamline
your business processes
Perform data analysis using Computer Assisted Audit Techniques (CAATs) and
data mining to identify revenue leakage
IT Infrastructure Reviews
EasySAM starts with vendor and industry best practices for securing your
IT infrastructure and then modifies these to fit your IT environment.
Policies, procedures, and "hardening" guidelines are documented
for each IT infrastructure component. We also provide guidance on selecting
and implementing software tools to monitor your IT infrastructure security.
Database Management System Reviews: SQL Server, Oracle, Sybase, DB2, etc.
Operating System Reviews: Windows, UNIX, Linux, AS/400, OS/390, etc.
Network Security Reviews: Firewalls, routers, switches, wireless devices, intrusion
detection systems, etc.
Computer Operations Reviews: Backup and recovery, job scheduling, problem management,
physical access, environmental controls, etc.
Threat and Vulnerability Assessments
EasySAM can evaluate the internal threats from employees and contractors
and external threats to your company's network and data.
Perform threat and vulnerability assessments to identify internal employees
or contractors with the ability to cause damage to mission critical IT systems
Execute Attack and Penetration (A&P) testing at the Internet and Intranet
levels using software tools (e.g., ISS Internet Scanner, Nmap, Nessus, NetIQ)
Test wireless and dial-in (remote access) security
Review your company's incident response programs
EasySAM's IT risk assessments are based on Control Objectives for Information
and related Technology (COBIT) issued by the Information Systems Audit and
Control Association (ISACA). COBIT provides leading practices for the management
of IT processes in a manageable and logical structure by bridging the gaps
between business risks, technical issues, and internal control needs. We
use questionnaires, interviews, and information requests of key IT data to
create an IT risk assessment report that:
Defines the IT audit universe through the identification of critical IT systems
and related processes
Provides a basis for the risk-based selection of discrete IT audits
IT Policy and Procedure Reviews
EasySAM improves your company's IT policies and procedures by tailoring
industry best practices for your environment.
Evaluate existing IT policies and procedures and compare these to industry
best practices (e.g., COBIT, BS7799/ISO17799, Common Criteria, ITIL, etc.)
Develop new or improve existing IT policies and procedures
Improve the processes for monitoring and enforcing IT policies and procedures
across the company
Regulatory Compliance Reviews
EasySAM will identify gaps and correct IT internal control weaknesses to
meet your regulatory compliance objectives for the following regulations:
Sarbanes-Oxley
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)