IT Assurance

 

What is IT Assurance?

 

IT assurance is a branch of auditing concerned with the governance of information and communication technologies.

 

The past few years have seen a re-emergence of large scale HE institutional investment into IT systems (eg implementation of financial systems, student administration systems etc). These projects are becoming increasingly complex and many institutions have limited understanding of the technology risks they are facing. The pace of IT change, regulatory pressures and increasing dependency on IT also represent a significant challenge for institutions. As a result, governing bodies are looking for a higher level of assurance than ever before.

The KCG Consortium assists its Member institutions to examine the effectiveness of their IT systems' and networks' technical and procedural controls in order to minimise risk and accurately forecast and anticipate future requirements.

 

Our specialist IT auditors, supported by Tenon Group, can:

 

• Help to reinforce institutional attitude to IT risk.
• Help to identify the IT systems and processes which present the greatest potential operational risks to the institution.
• Ensure compliance with relevant legislation to safeguard assets by instituting effective internal controls.
• Provide advice on how to improve management controls in all of the following areas: installation standards and procedures; file management; access controls; network management and control; systems development and project management; security of systems and assets; and, contingency plans covering system resilience and disaster recovery.

 

Potential issues for HEIs

 

The following issues are relevant to HEIs:

 

• The institution may not be confident that technology risks are properly identified and controlled.
• The institution may be unsure of the impact IT risks might have.
• The institution may be rationalising or re-implementing Enterprise Resource Planning systems (such as SAP and Oracle) and wishes to ensure that risks are identified and addressed.
• Institutional projects may include complex outsourcing arrangements and the institution requires assurance that risks are identified, measured and managed effectively
• The institution may have become more sensitive to IT security issues or suffered a recent embarrassing lapse in security.
• Poor data quality may be impacting the effectiveness of the institution’s processes and decision making.

 

How can the KCG Consortium assist?

 

We add value by:

 

• Helping institutions to identify IT risks and understand their impact in a strategic context, including alignment with institutional objectives.
• Delivering fresh perspectives to the governing body on how to integrate its approach to governance, regulation and compliance.
• Providing assurance that a robust risk assessment and management framework is in place to manage IT risks, including process improvement and controls optimisation.
• Scrutinising ERP and business systems on various levels to provide assurance on governance, implementation, data migration and overall alignment with business objectives.
• Providing assurance over the operations and approach of managed service providers in any outsourcing of the IT function.
• Providing bespoke reviews and assurance around IT security and controls.

 

KCG Consortium services include:

 

• IT risk assessments and IT controls assurance (as defined in the diagram below)
• Building IT governance, regulation and compliance solutions
• Independent, objective IT project assurance
• ERP and business systems controls optimisation
• Security and vulnerability assessments including penetration testing
• Business continuity planning
• Data management strategy, data quality assessments and data cleanse
• IT internal audit
• Compliance assessments against industry and global standards