Information System Audit

Currently, the world is mainly driven by information technology, along with its automation and digitization. Organizations have been accelerating their IT infrastructure to meet the requirements of “smart people”. To ensure that such IT infrastructure and its policies are working properly, in line with the organization's business strategies, every organization should perform routine information system audits.

An information systems audit is the process of testing controls and reviewing them against the organization's stated policies, to determine whether the applicable regulatory standard or regulation is being conformed to and whether up-to-date processes and infrastructure are being applied. This process includes proper definition of requirements, collection of evaluative evidence, and determination of compliance with requirements.

At CryptoGen Nepal, we aim to provide highly professional audit services that create value for our professional and demanding clients. We provide services to growth-oriented corporations of all sizes, based on our strong local knowledge and international stance and network. Audits are meant to provide confidence to stakeholders through keen observation and conformity to regulations. Therefore, audits must be carried out with a high degree of quality and efficiency. Our team of experienced and committed staff strives to provide exceptional service to every client, regardless of size, scope, or structure. We are a team of certified professionals and have partnered with various security service providers to deliver the best quality services. We follow a culture of professional work ethics and practice proper project management, with tools that contribute to our efforts to build and maintain trust with our stakeholders, ensuring high customer satisfaction and long-term partnerships.

Our Major Focus Areas in brief:


Governance and Management of IT

IT governance is a formal framework that provides a structure for organizations to ensure that IT investments support business objectives and stakeholders' needs. Such frameworks require periodic review so that outdated information does not leave the organization vulnerable to unsolicited risks or non-compliance. We examine whether the IT strategy, IT-related frameworks, IT standards, policies and procedures are properly followed, validating them against industry guidelines and standard practices. These are extremely important because they set the direction of the workforce and ensure proper utilization of the resources deployed.

Information Systems Acquisition, Development and Implementation

This area covers how IT auditors provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives. We examine the business case and feasibility analysis, test the system development methodologies, and ensure that post-implementation reviews are carried out as they should be.

Protection of Information Assets

Understanding the value of information assets is a key consideration for information systems management. It includes the comprehensive list of mobile, wireless, and Internet-of-Things (IoT) devices: computer equipment, phones, network, email, data and any access-related items such as cards, tokens and passwords. This area of focus aims to provide assurance that the confidentiality, integrity and availability of information assets are ensured by the enterprise's security policies, standards, procedures and controls.

Information Systems Operations & Business Resilience

Business resilience planning is a governance and risk management responsibility that organizations must address to enable them to survive and thrive in an increasingly hostile environment. It encompasses crisis management and business continuity plans for the various types of risk that an organization may face, from cyber threats to natural disasters, and much else besides. Business resilience also relates to the ways an organization addresses the consequences of incidents and its ability to adapt to the new environment and circumstances following an incident. We examine the organization’s Business Impact Analysis, Business Continuity Plan, Disaster Recovery Plans, data backup, storage and restoration, and system resiliency, and conclude whether the organization has been able to successfully overcome incidents, if any.

Audit Methodology

We follow ISACA guidelines for the audit, along with industry best practices, and incorporate various IT frameworks, guidelines and standards such as COBIT 5, ISO 27001, the NIST Framework, NRB IT guidelines, NTA Cyber Byelaws, ITIL, and PCI DSS wherever necessary. We have also partnered with leading foreign-based cyber security companies to serve our valued clients where expert resources are required.