Integrated COBIT auditing solution released

Auditors are often tasked with identifying, documenting and assessing the design and operating effectiveness of internal controls in place to mitigate those risks that can impact on an organisation`s strategic, operational, reporting and compliance objectives.

Traditionally, the approach adopted by auditors has been based on a control checklist that has evolved over time to focus on the key areas that require attention when evaluating countermeasures to the organisation`s risk profile.

With the rapid pace of change and growing complexity in IT, relying purely on past experience is no longer adequate. Organisations have turned to frameworks like COBIT and ISO 17799 for additional information about the internal control baseline that should be in place.

Combining the use of a framework with risk analysis has provided a more reliable, efficient and economical approach to establishing internal controls, particularly when the framework is process-orientated and outcome focused.

Info Sec Africa, a leading COBIT solutions provider, has released a new COBIT-based assurance tool. The tool is designed to provide an integrated and efficient approach to performing effective reviews of internal controls, IT capability improvements and performance. It reduces much of the effort and time auditors typically require for their assessments. Auditors are now freed up to spend their available time on addressing the key controls implemented to mitigate specific risks in each process, at the business unit level.

A key design feature is the tool`s process orientation and support for designated process owners in a multi-tiered organisation. Both are requirements of COSO and COBIT, and the integrated nature of the solution, will ensure there is clear communication between the IT operational managers responsible for internal controls and the IT auditors examining the effectiveness of the selected controls.

A comprehensive dashboard provides both summarised and detailed views of the current status of risk, control, deficiencies and remedial action. A complete picture of the entire IT control environment can be viewed, and the status of internal controls monitored as frequently as necessary.

More information can be found at www.cobit.co.za or obtained from Peter Hill at peter@cobit.co.za.