Information Technology General Controls (ITGC)
Our ITGC review will consist of the following:
We use a top-down approach that allows our team to partner with you in identifying and addressing risk. This addresses business risk in relation to your critical success factors and strategic business objectives and helps align the audit/assessment with the relative importance of risk factors within your organization.
The Effectiveness of Key IT controls:
- IT Governance
- Security: Logical and Physical
- System Development/Change Management
- Operations/End User
- Backup and Recovery
Review may also include the review of any Service Organization Controls Reports (e.g., SSAE 18 or Trust Service Criteria), related to your organization’s key services providers.
Assess IT Governance
IT operational and security management practices which are in place to support the IT organization and infrastructure. This includes determining if IT Policies have been implemented, are periodically reviewed and properly approved by Management.
Processes used to access key applications and data, including the procedures for authenticating users and determining their authorization to access and manipulate data. This also includes physical security controls over access to critical computer infrastructure and equipment.
The process for major and minor changes/modifications to in-house Systems and Applications. This includes requirements for authorization and approval, controls over the development, testing, quality assurance and documentation of changes. Also, to determine if vendor System/Application changes are documented, authorized and approved by the Company.
Operation/End User Controls
The management and supervision of operations to ensure that only authorized programs are executed, and that appropriate recovery procedures exist. (This also includes the reporting and resolution of incidents and problems.)
Backup and Recovery
The backup, recovery, storage, retention (and security of backup data) for critical financial programs and data.
All Our IT Services
Contact Us Today!Once experiencing our work, you will find what our clients have found...
That there is no need to look elsewhere for quality services for your assurance and advisory practice.