Credit Rating Agency – IT and Data Audit

We performed an IT and Data Audit for a Global Credit Rating Agency.

The objective of the audit was to ensure compliance with legal and regulatory requirements, as well as the confidentiality, integrity, and availability of information systems and data.

The Audit review was performed in accordance with the Control Objectives for Information and Related Technology (‘COBIT’) standards established by Information Systems Audit and Control Association (‘ISACA’).

The scope of the review was to assess the following:

1. SLA's in place between IT, the Business and the Third parties,

2. Disaster Recovery (design and implementation testing),

3. Business Continuity (design and implementation testing),

4. Security (logical and physical) of key systems and infrastructure (Active Directory),

5. Information Security – incorporating data privacy and data protection,

6. Backups and data retention, and

7. IT Governance and Strategy.

Our approach:

1. Reviewed background information (including documented controls and procedures), met with key members of staff and reviewed samples of existing information in order to gain an understanding of the processes in place,

2. Met with key staff to ascertain what processes were subject to change in the future,

3. Tested processes and relevant controls to determine whether they were adequately designed and effectively followed, and

4. Issued an Audit Findings Report to the Management, highlighting the areas where controls were operating well, as well as highlighting areas that should be addressed in order to strengthen the government framework and control environment.