
Information Systems Assurance

With one of the largest teams of any public sector audit service in the North, we provide a full range of IS Assurance services to 15 clients from the Humber to the Tweed. Skills within the team range from Information Security, Network Management and IT Service Management, through to PRINCE 2 project management, Information and IT Governance, COBIT, Business Continuity/Disaster Recovery and IT Risk Management.

We apply our skill sets to provide services tailored to our clients’ individual needs and budgets. Examples of our services are summarised below. However, this list is not exhaustive – please contact one of our team leaders (details at the foot of this page) to find out more.

IM&T Audit: We provide IM&T Audit either in support of delivery by in-house internal audit teams or as a service in its own right. Our IM&T Audit specialists have many years' experience of developing and delivering IM&T Audit plans, covering the full range of COBIT areas, for different clients. Assignments are completed by the most relevant specialist within our team.

IM&T Audit Development: We provide tailored solutions to help develop capability within small IM&T Audit teams, ranging from training packages to partnering arrangements where we help your teams plan and deliver IM&T Audit work over a range of areas. Our goal is to transfer our knowledge and skills to improve your team’s self-sufficiency whilst remaining on hand to provide technical expertise when you need it.

IT Risk Management: Our specialists work alongside IM&T Directors and Managers to identify, analyse and plan the mitigation of significant IM&T risks. We have experience of a variety of approaches to suit different organisations and we can draw upon a host of industry knowledge from ISACA and others.

COBIT-based assessments: We apply COBIT and other industry standards such as ITIL in carrying out IM&T Audit work. We can carry out discrete assignments to assess your compliance with such best practice standards, either within or outside of an IM&T Audit Plan.

ISO27000 assessments: Most of our team members are accredited to carry out audits of compliance with ISO27000: Code of Practice on Information Security. Others have in-depth experience of implementing it in their own organisations. We can help you to identify and assess your information security vulnerabilities or to obtain assurance in respect of your procedures. Over many years we have developed proven approaches to assessing security awareness, including a number of bespoke surveys.

Continuous controls testing: To meet our clients' needs, we have developed effective methods for providing ongoing assurance in respect of critical IM&T controls, such as back-up routines and virus protection for key systems. We continue to invest in developing our capability in this area.

Programme and Project Assurance: Over half of our team members are PRINCE 2 qualified. Others have experience of advising on and assuring controls in major central government projects. Our approach is to work alongside, or as part of, project teams to provide timely assessments of risk and advice on controls as projects progress. However, we can also review and help to strengthen project management methodologies as a whole.

Information Governance: Our information governance specialists have a wealth of experience of assessing the full range of information governance controls, including helping clients to prepare for and pass external assessments.

In line with the Audit North vision, all of the above services can be accessed at our not-for-profit rates. To find out more, please contact one of our IS Assurance Team Leaders:

Angela Mulroy (0191 441 5943) angela.mulroy@nhs.net

Brian Ridley (0191 441 5944) brian.ridley@nhs.net
