Audit Services

Application Security Audit

An application system security audit pertains to an audit of a specific application system or business process. The audits can be during system development, post-implementation, or on a regular basis (e.g annually)

img-Application-Security-Audit

Objective of this assessment

Ensure the effectiveness of security controls implementation according to the design documentation and requirements
Ensure the implemented controls sufficiently mitigate the identified risks
Ensure the effectiveness of system application security

Approach & Methodology

An Application Audit, should, at a minimum determine the existence of controls in the following areas:

System Application Development & Acquisition
Application Control Review, which consist of security control during input, process and output phase.
IT General Control Review of the IT Operation Run and Support
Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
End User Computing Support
Third Party and Outsourcing Services Monitoring and Control
icon-Vulnerability-Analysis

Step 1

Audit Plan, Objective & Scope.
icon-audit-plan

Step 2

Preliminary Assessment & Information Gathering.
icon-Evidence

Step 3

Evidence Collection & Evaluation
icon-Reporting

Step 4

Documentation & Reporting