IT Management
IT AUDIT :
Assessment of the company's entire information process
In ABC Data's view, the audit of an IT system is the process of collecting data on the information assembly, practices and operations related to the information flow within an organization.
The data are collected to determine whether the information system operates efficiently in supporting and implementing the organization's goals.
RISK ANALYSIS :
Identifying and solving the information system's weaknesses
IT risk analysis is the part of the auditing process that helps to identify the threats, risks and weaknesses within the company's information flow. Through this analysis, the auditor has to find the optimal solutions for resolving or mitigating them.
One of the key issues in IT auditing is establishing practices and procedures to prevent and solve the problems that may arise in the information circuit. In establishing such practices and procedures, we should take into account both what we have to achieve and what we have to avoid in information terms.
IT GOVERNANCE :
Properly managing information resources and risks significantly increases the efficiency and the number of goals fulfilled
The purpose of IT governance is to make sure that the performance of the information system, in its entirety, fulfils the company's requirements. In addition, information technology should exploit opportunities and maximize revenues.
IT governance points :
- Information system strategy
- Measures and procedures
- Risk management
- Information system management practices
- Information system organization structures and responsibilities
SYSTEM AND INFRASTRUCTURE LIFE CYCLE MANAGEMENT :
The information system should fulfil the current and particularly the future requirements of the company to the highest extent possible.
In every area of interest of a company there are information assets, each with a unique set of functional features. As discrete items, they may circulate intact or modified throughout the organization. The purpose of lifecycle management is to manage such assets from their early stages to their final stages as efficiently as possible.
Backed by a solid knowledge base regarding how an organization creates, uses and exchanges information assets, the auditor may rationalize each stage and increase the efficiency of the entire lifecycle, achieving low costs, minimal risk and improved productivity.
IT SERVICE DELIVERY AND SUPPORT :
The acquisition and support of IT components should be performed first of all according to the strategy adopted by the organization.
The audit of delivery and support activities involves the assessment of information system operations, the assessment of hardware, software components, the assessment of the information system architecture and the assessment of the network infrastructure.
Therefore, the auditor should make sure that the service management and operations management practices and the data management procedures are in accordance with the company's needs.
In addition, the auditor should verify whether the modifications implemented are properly controlled. All modifications and/or errors that have occurred should be recorded, in order to facilitate future interventions.
PROTECTION OF INFORMATION ASSETS :
The security of the data and of the information process is the most vulnerable point of a company.
IT security involves assuring the confidentiality, integrity and availability of the company's assets.
The critical issue in information protection is to establish a foundation for the effective management of information security. Technological development means that most transactions are now performed online, which exposes companies to attacks and has led to the need for an efficient security management system.
The IT security goals for fulfilling the company's requirements should include :
- Assurance of the continuous availability of the information systems
- Assurance of the integrity of the information stored
- Protection of the confidential information
- Assurance of the compliance with the laws, regulations and standards in force
- Assurance of an appropriate network infrastructure management
BUSINESS CONTINUITY AND DISASTER RECOVERY :
The information solutions should be designed so as to ensure the continuity of the information flow even in case of disaster.
Information process continuity is a process intended to reduce the risks that arise upon an unexpected failure of a critical function/operation necessary for the organization's survival. This includes the allocation of material and human resources to these functions/operations, in order to ensure the continuity of communication.
If any of these threats occurs, the organization may incur losses one way or the other. Such losses may be financial losses, reputational losses or credibility losses, and may even lead to an interruption in activity.
One of the major priorities of a company should be to constantly monitor and improve the security of its information operations. This involves the introduction of countermeasures, in order to decrease the probability of such events occurring.











