URM's Auditing Services
Audits are performed to ascertain the validity and reliability of information and also to provide an assessment of an organisation's system of controls and
whether processes are being followed. The goal of an audit is to express an objective opinion on the system in question, typically based on a process of document
review, interview and testing. The process of auditing involves an evaluation of the controls or processes within an organisation, verifying their appropriateness
and ensuring they are operating as implemented and intended. Most organisations conduct audits using both internal and external resources, utilising individuals
with the appropriate skills, knowledge and experience.
Areas of URM Audit Expertise
URM has extensive audit experience and offers a flexible range of audit services to support an organisation's audit approach. URM is able to conduct a full
audit programme on behalf of an organisation or individual audits against key Management System Standards, as well as processes or specific controls from the
Standard including ISO 27001 (Information Security), BS 25999 / ISO 22301 (Business Continuity), ISO 20000 (IT Service Management) and ISO 9001 (Quality).
URM is a registered Payment Card Industry (PCI) Qualified Security Assessor (QSA) Company and is qualified to assess and audit Merchants and Service Providers.
URM can also provide audit services to assess an organisation's compliance with the Data Protection Act 1998. The Company is able to conduct a full range of IT
audits, including process-driven and hardware- and system-specific audits.
URM's services are often utilised to provide an independent and informed assessment of an organisation's third parties (e.g. key suppliers).
URM's Auditing Approach
URM's established and proven audit methodology is based around analysing the client requirements and ensuring that results produced from audits are accurate
and repeatable. The methodology, which adopts a sampling approach, follows these steps:
- Defining and detailing the scope of the audit or audit programme
- Planning and managing the programme of work
- Interviewing identified individuals
- Reviewing documentation
- Creating and implementing test plans
- Reviewing and auditing processes
- Producing a detailed report of findings
- Agreeing actions with auditees
- Following up on agreed actions
- Reporting audit attestation to governing bodies.
The extent of the audit and the evidence sought is based on the client's requirements and is agreed at the outset. URM provides recommendations on audit approaches
based on its experience, good practice and, in the case of documented Standards, the defined requirements. Alternatively, URM can offer the flexibility of adopting the
organisation's internal methodology, with the URM auditor(s) acting as a member of the internal audit function.
URM can also offer integrated management system audits.
URM has a team of qualified auditors who bring with them a vast range of expertise and experience. This expertise incorporates a combination of auditing skills
(e.g. CISA qualified), knowledge of Standards (e.g. ISO 27001, BS 25999, ISO 9001 and PCI-DSS), IT technical knowledge (e.g. databases, networking, operating systems
and applications) and the interpersonal skills necessary to extract the maximum information from interviewees.