Information Systems Audit

The Information Systems (IS) audit group assesses the University's critical systems, technology architecture and processes to assure information assets are protected, reliable, available and compliant with University policies and procedures, as well as applicable laws and regulations. We emphasize the importance of mitigating security risks during our audit coverage of the University’s application, operating and networking systems. Through our integrated and IT governance audits, we evaluate information technology’s impact on the University’s processes and its abilities to achieve its goals and objectives. Our evaluations are objective and professional, utilizing COBIT (Control Objectives for Information and related Technology) framework, an international standard for good IT control practices.

ISA provides the following audit services:

  • IT Governance - IT governance audits include reviewsof the organization’s fiduciary responsibility in satisfying the quality of IT delivery services while aligning with the business objectives and establishing an adequate system of internal controls.
  • Information Systems - Information systems audits focus on security controls of physical and logical security of the server including change control, administration of server accounts, system logging and monitoring, incident handling, system backup and disaster recovery.
  • Integrated Audits - Integrated audits include reviews of the business operations and their dependency of automated systems to support the business process. We consider information technology and financial and operational processes as mutually dependent for establishing an effective and efficient control environment. From the technology perspective, the audit focuses on application controls, administration of user access, application change control and backup and recovery to assure reliability, integrity and availability of the data.
  • Control Self-assessments - Control Self-assessments are designed for department that manages and operates a technology environment. These self-assessment tools can be used to identify potential areas of control weakness in the management of the technology environment.
  • Compliance - Compliance audits include University policies and procedures, Payment Card Industry (PCI), the Health Insurance Portability and Accountability Act (HIPAA), Family Education Rights and Privacy Act (FERPA) and any other applicable laws and regulations.