Outsourced Auditing Services

Internal auditing is critical in ensuring that your organization’s management system (including policies, processes, procedures, and controls) operates effectively. A significant challenge for many organizations is a lack of sufficiently competent resources or those with sufficient impartiality to cover all auditing needs. One solution is to outsource your internal auditing process. Naturally, if you are involved in outsourcing audits, you need to ensure that both the conduct of the audit and the output from the audit will be fit for purpose and will fully meet your expectations and the requirements of your various interested parties. This is where Veritas can assist. We have extensive audit experience and competency and can offer a flexible range of audit services.

We are able to provide you with both full audit program support or simply conduct individual audits against key management system standards, as well as processes or specific controls from standards such as ISO 27001 (Information Security), ISO 22301 (Business Continuity), ISO 20000 (IT Service Management) and ISO 9001 (Quality).

Audit Methodology

Our established and proven audit methodology is based on analysing your requirements and ensuring that audit results are accurate and repeatable and will take into account factors such as conducting interviews, reviewing documentation, e.g., policies and processes, inspecting records (e.g., logs and registers) and sampling (e.g., type and scale).

Audit Schedule

When helping you develop your audit schedule, Veritas will build it around your specific requirements. For example, if it is part of an ISO 27001 certification program, we will plan to ensure all clauses and controls are assessed over the 3-year cycle. At the same time, audits may be prioritized based on risk assessment findings, incidents, previous audit findings, or legal, regulatory, or contractual requirements.

Management and Reporting of Audits

Once you are ready for assessment, the Veritas Team is able to offer you a range of PCI DSS audit services, including:

Having discussed and agreed with the audit schedule, Veritas auditors will discuss the management and reporting of audits. Here, we will discuss the format of audit reports and how findings will be classified, how corrective actions will be tracked, and how audit reports will be followed up. Details and competencies of the audit team will be provided.

Preparation for the Actual Audits

In preparation for the actual audits, Veritas will define audit objectives, scope, and criteria (clauses and/or controls from ISO 27001 and/or organizational policies/processes) and agree on logistics, e.g., who will be interviewed and when.

Post-Audit Reports

In terms of post-audit reports, Veritas will provide a detailed summary of processes and activities audited, clauses and controls evidenced, and documents and records seen, along with findings (nonconformities and opportunities for improvement).

Auditing Your Key Suppliers

As your outsourced audit partner, Veritas can help you not just with your internal audits but also with auditing your key suppliers. Supplier audits are often overlooked, but with the advent of cloud services and the increasing number of cloud-based products and services offered to organizations, third-party reliance is likely to increase further.

VERITAS is able to assist in assessing whether the services you are receiving from your third parties meet all of your expectations from an information security, data protection, business continuity, or quality perspective. VERITAS’s Supplier Risk Management Tool, Abriska 27036, can be valuable in prioritizing your various suppliers and partners.