System Audit and System Consulting
We provide assessment and consulting services on IT governance and information based on COBIT.
Making sure that the information system that supports the work processes in a company’s activities is properly and effectively operating is an important issue for a company. Based on ITGI’s “COBIT,” we assess whether IT internal control complies with corporate governance and business goals and we provide reasonable, achievable suggestions for improvement where required. Additionally we offer audit and consulting services in the planning, development and implementation of information systems. |
System audit
The purpose of a system audit is to examine internal controls in operations surrounding information systems from various perspectives and to analyze and evaluate problem areas and, as necessary, make recommendations for improvement. Rather than focus on individual control targets, it is important at this time to conduct a comprehensive assessment that also examines alternative and supplementary controls. Our staff at Yusei are trained to provide high-level professional services in this area. |
- System audit related to financial reporting
- System audits in non-statutory areas (such as operational effectiveness of a computer center, network security, preventive measures for information leakage, personal information protection, and security measures for computer center, etc.)
- System audit in compliance with regulations
- System auditing standards and system management standards of the Ministry of Economy, Trade and Industry
- “Checklist for System Risk Management” of FSA inspection manual (FSA: Financial Service Agency)
- “FISC Information System Audit Guidelines for Banking and Related Financial Institutions” (FISC: Center for Financial Industry Information Systems)
- “Trust Services Principles and Criteria” (SysTrust, WebTrust, and Privacy Framework) of AICPA / CICA
|
Internal control assessment and auditing
Work processes today rely heavily on information systems irrespective of whether they are fully automated through an information system or whether they are performed manually using an information system. Therefore, unless IT internal controls are assessed and audited, it is not possible to assess the effectiveness of the internal control of work processes. We provide highly skilled, integrated services in both financial accounting and system auditing. |
- Assessment and audit of IT General Control and IT Work Process Control
- Assessment of effectiveness of internal control over commissioned business” (equivalent to SAS70
|
Audit and consulting for information security
An appropriate understanding of the purpose of a risk analysis in information security is essential. To be specific, the objective is not to perform an accurate calculation of risk using complex methodology but to prioritize the various threats which have the potential to inhibit business. We provide our clients with proposals for achievable, reasonable solutions backed by comprehensive auditing knowledge. |
- Audit and consulting on security policies, computer security, and network security
- Security auditing based on "FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions"
- Assessment and consulting based on "FSA Guidelines on Personal Information Protection in the Financial Industry" and "Privacy Mark System (JISQ15001)" of JIPDC (JIPDC: Japan Information Processing Development Corporation)
- Assessment and consulting based on "ISO/IEC27001 of ISMS standards" (ISMS: Information Security Management System)
- Compliance audit for CPS of Certificate Authority (CPS: Certification Practice Statements)
- Auditing and consulting for BCP (BCP: Business Continuity Planning)
|