M&A Internal Audit (IA) has experienced and certified information systems auditors (CISA) and certified in risk and Information Systems Controls (CRISC) available to meet your Information Technology audit needs. We have over 10 years of experience performing risk assessments, documenting and testing, and auditing to your objectives for Information Technology General Controls (ITGC), Information Technology (IT) Security and Cybersecurity. IA uses internal control frameworks and applies the Institute of Internal Auditors International Professional Practices Framework (IPPF). Internal Control/Security Frameworks include Control Objectives for Information and Technology (COBIT), National Institute of Standards and Technology (NIST) 800-53 – Security & Privacy Controls, NIST Cyber Security Common Security Framework (CSF), Federal Information Security Modernization Act (FISMA), and the Inspector General (IG) FISMA Metrics. IA uses these frameworks to conduct independent assessments of IT and security controls. These frameworks provide the basis for organizations to address the security, privacy and regulatory compliance needs for IT, security and cybersecurity. IA can perform services from an initial gap analysis through the assessment of the design and operating effectiveness of controls using IA standards. IA’s independent assessment qualifies as an independent Internal Audit assessment.
IA can fill the gap when organizations do not have the in-house expertise to perform the IT, security and cybersecurity audits. IA will come along side of you to meet your IT assessment needs. We have a history of having our work relied upon by the external auditors and assessors. IA provides the type of support required by management. We can provide a full solution, specialized knowledge, staff augmentation, and train and develop an internal audit solution. We provide a range of services from risk assessment through reporting.
