The audit checks the level of compliance with a list of requirements defined in standards such as ISO 27xxx, frameworks such as COBIT or best practices such as ITIL and allows the development of recommendations.
The course of an audit assignment is usually divided into 4 steps:
1. Risk assessment
During the first stage, the information in the scope of the audit is collected and stakeholder interviews are conducted. This information is used for a risk assessment.
The planning phase allows the establishment of the audit program, based on the risk assessment.
The conceptual and operational adequacy of the control measures is verified and the impact of these measures is assessed. The audit findings are defined according to the results.
The findings are used to establish a clear opinion and recommendations. The audit report is prepared and a presentation to the management is organised.
QAP has a wealth of experience in the private and public sector, essentially in finance, energy, high technology, healthcare and the service industry.