Audit Services

Audit Process
Phases:
1. Counsel
In this phase, Transteq consultants hold one-to-one discussions with the process and system owners. The consultants study the client application and gain knowledge of the client's business process.
2. Explore
In this phase, the Transteq consultants review the client's business process and study the baseline blueprint document and the existing business process. The consultants freeze the key performance indicators (KPIs) of the client's business and study the system configuration relevant to these identified KPIs.
3. Construe & Report
In this phase, the Transteq consultants identify the gaps between the blueprint document, industry best practice and the process followed by the client. The detailed report covers the effects / errors that occur in the system and the cause of each error (its origin, the reason behind the bug). In this phase the scan report of the application is captured and a detailed report is prepared based on the findings. The consultants also report on the transaction log of the major transactions to find any breach of the company security policy.
4. Commendation
The final recommendation, based on feasibility in the client environment and on the client's industry type, is presented in consultation with the client's process owners and manager. The findings of the audit and the report on improvements in terms of system configuration, process change and the gaps identified are recommended. The report is shared with senior management in a workshop / open house. After the management's comments / suggestions have been taken into account, the final report is submitted to the client management.
5. Implement & Monitor
In this phase, Transteq takes ownership of implementing the changes referred to in the report and ensures that they have been adopted by the client's business owners. Moreover, Transteq takes responsibility for monitoring the application regularly through a monthly audit report with alerts / suggestions.
Audit Services
Application Security Audit
The Application Security Audit tells enterprises how their application security posture stacks up against industry best practices. The audit covers two high-level areas:
Essential Technical Controls
The key components of the application infrastructure are checked for technical vulnerabilities. These components include:
- Application web servers
- Application ECC servers
- Application database servers
The technical controls we examine are categorized as: Authentication and Access Controls.
Next, we drill down into a few specific checks to illustrate the type of checks that are performed in practice:
1. Authentication and Access Controls
- Has a minimum password length (login/min_password_lng) been enforced?
- Have the default passwords for default users ("SAP", "DDIC", etc.) been changed?
- Has an expiration time been set for passwords? (login/password_expiration_time)
- Is the maximum number of failed logins before an account is locked set? (login/fails_to_user_lock)
- Are multiple user sessions suppressed?
- Have the passwords of default database accounts been changed?
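As an added example (not Transteq's tooling or code from this page), the Python sketch below checks the three profile parameters named in the list above against an exported instance profile. The thresholds, the `audit` helper and the sample profile are assumptions for illustration; real thresholds come from the enterprise password policy.

```python
# Thresholds below are assumed for illustration, not taken from the page.
RULES = {
    "login/min_password_lng": (lambda v: v >= 8, "at least 8 characters"),
    "login/password_expiration_time": (lambda v: 1 <= v <= 90,
                                       "expires within 90 days (0 = never)"),
    "login/fails_to_user_lock": (lambda v: 1 <= v <= 5,
                                 "lock after at most 5 failed logons"),
}

def parse_profile(text):
    """Parse 'name = value' lines; '#' starts a comment; last assignment wins."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit(text):
    """Return {parameter: PASS | FAIL | NOT SET | INVALID} for each rule."""
    params = parse_profile(text)
    findings = {}
    for name, (is_ok, _expectation) in RULES.items():
        raw = params.get(name)
        if raw is None:
            # Not in the profile: the kernel default applies, so the
            # auditor has to confirm the effective value on the system.
            findings[name] = "NOT SET"
        elif not raw.isdigit():
            findings[name] = "INVALID"
        else:
            findings[name] = "PASS" if is_ok(int(raw)) else "FAIL"
    return findings

# Constructed sample profile, not taken from a real system.
SAMPLE_PROFILE = """\
# instance profile (constructed sample)
login/min_password_lng = 6
login/password_expiration_time = 0
login/fails_to_user_lock = 5
rdisp/wp_no_dia = 10
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_PROFILE).items():
        print(f"{status:8} {name}  (expected: {RULES[name][1]})")
```

A parameter reported as NOT SET is not a pass: the effective value still has to be read from the running system.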
1.1. Essential Process Controls
Key processes for administering the application environment are checked for compliance with the enterprise policy and industry best practices in this phase of the audit.
The areas covered under this are:
2. Backup and Recovery Processes
Next, we drill down into a few specific checks to illustrate the type of checks that are performed in practice:
3. Key Roles and Responsibilities
- Have responsibilities been defined for key roles?
- Are key administrative roles separated (e.g. user creation and approval)?
4. Backup and Recovery Processes
- Does the backup schedule adhere to policy?
- Are backups encrypted?
- Are backup tapes labeled?
- Are offsite copies of backups maintained?
- Is recovery tested periodically in line with policy?
5. Advanced Security Audit Options
- Authorizations audit, to check whether authorizations have been given correctly
- Business process audit, to check whether fraud is possible within the business processes in the application
