Audit of IT systems
When it comes to auditing IT systems (the most encountered cases are the audit of insurance companies' IT systems in conformity with order no. 18/2009 of the Insurance Supervisory Commission and security plan audit for companies that want to comply with order no. 1077/2003 of the Finances Ministry) we collaborate with 3 IT specialists, members of the ISACA. They have a lot of experience in the IT field and are certified as specialists (PM, MCSA, MCSE, MCP, CISA, IIBA).
The purpose of audit missions for the Insurance Supervisory Commission (ISC) is: the audit of the IT system in conformity with the ISC order no. 18/2009 for the approval of norms on the principles of organizing an internal control system, of risk management, of organizing and running internal audit activities for insurers (published in the Official Monitor, part I, no. 621 of 09.16.2009), respectively:
- to certify the audit is adequate to the activity;
- the IT security's strength;
- the capacity to supply the special reports required by the Insurance Overseeing Committee;
- the capacity to connect to a network and electronically send the reports;
- the capacity to stock and archive data;
- meeting the minimal official criteria in the financial-accounting domain for electronic data manipulation.
The IT system's audit will have other general objectives, besides its main purpose:
- to better the process and its controls;
- to prevent and detect errors and fraud attempts;
- to reduce risks and improve the system's security;
- to plan ahead in case of accidents or disasters;
- information management and development of the system;
- evaluation on how effective the resources are used.
Case Studies
Procter&Gamble
Read Case Studies
