Types of IT Audits
General Control Reviews
These types of services might include audits of University infrastructure such as the computing network, change management or how the University contracts with outside IT vendors to provide services. A general control review generally considers the configuration of the infrastructure appliance as well as access controls to the appliance.
These types of reviews are a type of audit that focus on an applications utilized by the University. Some examples include the Financial Management System, Student Enterprise System or Blackboard. An application review generally considers functions for segregation of duties and access control.
Project Consulting Services
IT Audit can assist with the implementation of a new system or application. Work of this type might include review of functional and business requirements to assist in the creation of recommended security controls to be included to reduce the time frame and cost of implementing security once the new system or application has been implemented.
Due Diligence Reviews
IT Outsourcing is a process where IT Audit acts as an independent and objective partner to assist with informed decision making with regards to the internal controls that a vendor offers for the Confidentiality, Integrity and Availability of University data prior to signing a contract with a new vendor.