Auditing

DES is known for its professional auditing services, which are carried out on systems to reassure its clients that the system meets the following checklist items:

  • Functionality – The functionality meets the initial and growing company requirements
  • Security – The system is secure in terms of access and audit trails
  • Stress Tests – The system is able to sustain future data requirements
  • Quality Assurance
  • Reporting – The system produces relevant management reports

The result of the assurance process is a report of findings on the application's strengths and weaknesses, as well as recommendations on the tests carried out.

The scope will be limited to the entire design, functionality and security features of the system. We envisage the audit as one that targets two primary areas, namely software development and software assurance. The audit seeks to respond to the following key questions: Are controls relating to software development and deployment adequate? Does the application do proper computations and valuations as required, based on inputs given and in a secure and reliable manner? Does the application comply with the relevant regulatory requirements?

In order to achieve this, we carry out the audit on 4 key interrelated components as per the following diagram:

Application development audit: This will ascertain the adequacy for various risks during this process, which will include:

  • Adoption of inappropriate SDLC for the System
  • Inadequate controls in the SDLC process
  • Inadequate adherence to the chosen SDLC
  • Inappropriate technology and architecture
  • Inadequate quality of the application system
  • Performance criteria not being met
  • Insufficient documentation
  • Management of change

Application controls audit: These are controls embedded in business process applications. They ensure accuracy and completeness of records and the validity of entries made in the transactions and standing data. Application controls are a sub-component of the entity’s business controls. The integrity of data is directly related to the sufficiency of the controls under which the data are gathered, processed, stored and reported. Our focus will be on controls embedded in the application over the processes used to initiate, authorize, record, process and report relevant information. These include, among others:

  • Identification and validation controls
  • Access controls
  • Controls that enhance integrity of information such as validation and edit checks
  • Controls that enhance the confidentiality of information
  • Controls that enhance the availability of the application and the relevant data
  • Error handling controls
  • Log management
  • Reporting controls

Processing audit: Processing controls ensure that processing is accurate, complete, timely, authorized and auditable. In addition to application controls that relate to input processing, we employ our qualified professional resources to undertake a thorough examination and testing of logical computations as performed by the application for processes identified and prioritized by the client, in order to provide reasonable assurance that the application does what it is intended to do. In auditing the application’s processing capability, we will be guided by 4 principles, namely consistency, accuracy, validity and reliability.

Compliance audit: In compliance audits, data security remains a central theme. We are aware of the requirements to comply with a number of government and industry-specific regulations for purposes of safeguarding the confidentiality, integrity, and availability of electronic data from information security breaches. To this end, we carry out the following in order to provide independent assurance of regulatory compliance:

  • Identify and document pertinent regulatory requirements
  • Assess whether both the organization's management and IS functions have considered the relevant external requirements in making plans, setting policies, standards and procedures
  • Review internal IS department documentation that addresses adherence to laws applicable in the industry. Determine adherence to established procedures that address these requirements
