Auditing System and Method
Abstract
A method and system for auditing information technology used to handle financial statement accounts to secure sensitive financial information against the exploitation of vulnerabilities and ineffective configuration standards. By working with the client organization, an audit team evaluates the way the client organization controls sensitive IT systems. The audit team is able to assess the client organization's internal control processes and recommend improvements.
12 Claims
1. A method for auditing an organization's internal controls for handling information technology (IT) configurations and vulnerabilities comprising:
creating a technology summary summarizing relevant IT systems;
determining IT systems to test;
identifying gaps in internal controls used to identify and remedy at least one of vulnerabilities and improper configuration standards;
performing at least one of reviewing and testing existing internal controls; and
generating comments based on results of said at least one of reviewing and testing.

4. A method for evaluating internal controls governing the management of IT configurations and vulnerabilities comprising:
defining the internal controls;
organizing a project team to conduct an evaluation;
documenting and evaluating the internal controls at an entry level;
documenting and evaluating the internal controls at a process, a transaction and an application level and evaluating overall effectiveness, identifying matters for improvement and establishing a monitoring systems.

5. A system for auditing an organization's internal controls for handling information technology (IT) configurations and vulnerabilities comprising:
a creating unit for creating a technology summary summarizing relevant IT systems;
a determining unit for determining IT systems to test;
an identifying unit for identifying gaps in internal controls used to identify and remedy at least one of vulnerabilities and improper configuration standards;
a performing unit for performing at least one of reviewing and testing existing internal controls; and
a generating unit for generating comments based on results of said at least one of reviewing and testing.

8. A system for evaluating internal controls governing the management of IT configurations and vulnerabilities comprising:
a defining unit for defining the internal controls;
an organizing unit for organizing a project team to conduct an evaluation;
an entry-level-documenting unit for documenting and evaluating the internal controls at an entry level;
an application-level-documenting unit for documenting and evaluating the internal controls at a process, a transaction and an application level; and
an evaluating unit for evaluating overall effectiveness, identifying matters for improvement and establishing a monitoring systems.

9. A computer system comprising:
a processor; and
a program storage device readable by the computer system, embodying a program of instructions executable by the processor to perform method steps for auditing an organization's internal controls for handling information technology configurations and vulnerabilities comprising;
creating a technology summary summarizing relevant IT systems;
determining IT systems to test;
identifying gaps in internal controls used to identify and remedy at least one of vulnerabilities and improper configuration standards;
performing at least one of reviewing and testing existing internal controls; and
generating comments based on results of said at least one of reviewing and testing.

12. A computer system comprising:
a processor; and
a program storage device readable by the computer system, embodying a program of instructions executable by the processor to perform method steps for auditing an organization's internal controls for handling information technology configurations and vulnerabilities comprising;
defining the internal controls;
organizing a project team to conduct an evaluation;
documenting and evaluating the internal controls at an entry level;
documenting and evaluating the internal controls at a process, a transaction and an application level; and
evaluating overall effectiveness, identifying matters for improvement and establishing a monitoring systems.
Specification