Independent validation of IT control provides unique, unbiased perspectives into the overall effectiveness and efficiency of your controls program. This perspective provides assurance to senior leadership and management that their risk mitigation strategies and control objectives are functioning consistently, as intended, when needed.

At Coalfire, we understand that IT audit functions most effectively when management and audit work together- collaborating on risk, control objectives, and testing- to provide meaningful results. While we respect and observe independence from management, we do not observe isolated independence that can prevent a solid understanding of organizational business objectives and priorities.

Our IT audit services can scale to fit your requirements- from strategic, risk-based audit planning and execution to tactical control audits aligned to your annual audit plan. In any case, our audit services will plan and execute your next audit with precision and accuracy.

Coalfire offers two primary audit services for organizations looking for professional validation of their information technology controls:

Coalfire’s Co-Sourced Internal audit managed service provides you with the tools and resources necessary to fit your audit plan. For organizations without an annual IT audit plan, Coalfire can help design and implement a formal plan that fits your risk management program and compliance requirements.

The Co-Sourced Internal audit managed service utilizes seasoned IT audit and security professionals who maintain concurrent CISA and CISSP certifications. Our staff utilizes shared, automated audit resources that help coordinate scheduling, control artifacts, and reporting with internal stakeholders- enabling efficient participation and streamlining many of the “pain points” associated with audit activities.

In today’s interconnected business environment, many services are dependent on support from an integrated supply chain of 3rd party products and services. A due diligence process is needed to assure corporations of the safety and integrity of their data when being handled by a third party organization. SAS 70 audits provide this very assurance by examining, documenting, and if needed, testing a wide array of internal controls within these “service organizations”.

Coalfire teams with certified public accounting firms to deliver a comprehensive examination and audit report for our clients. This coordinated relationship coupled with clean segregation of duties helps deliver a valuable SAS 70 service to your organization.

Our SAS 70 service is structured to help IT functions select the best approach to IT control reporting and management- preventing duplicity and omission of control that may exist with other IT control frameworks within the IT organization. This structure not only creates efficiencies within your audit and control operations programs, but helps deliver a meaningful SAS 70 service to your organization.

Coalfire SAS 70 services provide the highest value in organizations when integrated with our Common Controls Program. The Common Controls Program provides a single set of control objectives, audit activities, and reporting for internal and external audiences.

For more information on Coalfire's IT audit services, please contact: