Facilitating GRC Best Practice
Supported Standards:
ISO 31000
BS 10500
ISO 19600
ISO/IEC 38500
ISO/IEC 27001
ISO/IEC 22301
ISO/IEC 20000
Balanced Scorecard
Consultancy Topics:
IT Governance
IT Risk
IT Compliance
Information Security
Business Continuity

IT Audit Function Establishment

Internal and IT Audit

Analytix IT Audit consulting services assist organisations to establish or improve their IT Audit functions. 

Alignment with IT Audit Best Practice

These services are aimed to assist organisations to align their IT Audit functions and practices with the latest international Corporate Governance and IT Audit Best Practices.

IT Audit Function 

We provide the technical expertise and project management capabilities needed to build an effective effective risk based IT audit function 

The scope and structure of an IT Audit programme can vary, and our effort expended will be tailored to the needs of your organisation, while we will ensure that the essential elements of an IT Audit function be established which is capable of  perform the following functions:

  • Evaluating the company’s IT governance and IT management processes
  • Performing an objective assessment of the effectiveness of your IT control and IT related risks
  • Systematically analysing and evaluating IT processes and associated general IT and application controls; and
  • Providing a source of information as appropriate, regarding instances of fraud, corruption, unethical behaviour and irregularities

Analytix’s approach to IT Audit programmes is based on assisting organisations to create an effective IT Audit function that meets the needs of your business and adheres to the legal requirements regulating your industry.

Our approach makes provision for a series of steps and activities designed to meet the increased requirements of an IT audit function. It also takes advantage of international IT Audit best practices.

Key phases involved in developing a new or improved IT audit function include:

  • Integrating IT Audit with your Corporate and IT Governance frameworks – includes developing an understanding of the organization and existing corporate governance structures and aligning this understanding with the expectations of the various stakeholders. It also involves establishing the IT audit governance structure and framework and establishing formal oversight of the IT audit function.
  • Develop operational IT Audit guidance – calls for establishing the operational framework of IT audits as well as developing standardized tools and templates for use in the operations of the IT audit function.
  • Establish executive/board reporting – requires determining reporting requirements with key stakeholders and developing related protocols. It also entails developing the necessary reporting tools and formalising the reporting process.
  • Developing a Risk Based IT Audit Methodology – involves developing risk criteria and performing risk assessment. It requires identifying enterprise risks and facilitating discussions on how these risks threaten business objectives. Additionally, it involves associating risks to key business processes and communicating results and validating findings to develop the basis for the IT audit plan.
  • IT audit plan development – leads to creating a risk-based IT audit plan and includes determining timing and resource requirements. It entails developing and sharing a draft plan with the function sponsor before obtaining audit committee approval. Once approval is granted, this step also requires maintaining and updating the IT audit plan on a regular basis.

COBIT 5 for Assurance 

COBIT 5 for Assurance lets IT auditors leverage COBIT 5 when planning and performing IT assurance reviews, which unifies an organisation’s business, IT and assurance professionals around a common framework, objectives and vocabulary making it easier to reach consensus on any needed control improvements.

COBIT 5 for Assurance can be used for many different purposes including:

  • Obtaining a view (based on COBIT 5 concepts such as the enablers) on current good practices on assurance
  • Learning how to use different COBIT 5 components and related concepts for planning, scoping, executing and reporting on various types of IT assurance initiatives
  • Obtaining a view of the extent to which the value objective of the enterprise—delivering benefits while optimizing risk and resource use—is achieved


COBIT 5 for Assurance provides a roadmap built from well-accepted assurance approaches that enable assurance professionals to effectively plan, scope and execute IT assurance initiatives, navigate increasing technology complexity, and demonstrate strategic value to IT and business stakeholders.

IT Audit Standards

Formal standards such as:

  • ISACA’s Information Technology Assurance Framework (ITAF)
  • Institute of IT Auditor’s (IIA) International Professional Practices Framework (IPPF)

Our consultants would evaluate or establish some of the key elements of your IT Audit function, which would likely include:

  • An IT Audit charter / framework or mandate
  • A flexible IT Audit organisational structure with roles and responsibilities promoting accountability, effective communications, team work, professionalism and the optimal use of resources
  • IT Audit process and procedures
  • IT Audit risk universe
  • Templates for an IT Audit plan
  • IT Audit reporting tools and templates
  • IT Audit training and awareness

Our IT Audit consultancy delivers real business benefits:

  • Brings a clear focus to your business continuity project, based on real-world experience
  • Helps to ensure that you stay on track and within your budget
  • Delivers a convincing business case for implementing an IT Audit project
  • Helps you avoid common pitfalls and challenges during an implementation
  • Introduces appropriate metrics that will clearly demonstrate your success