Information Technology General Controls (ITGC)

eDelta Consulting has extensive experience in performing Information Technology General Controls (ITGC) Audits and Assessments for clients in multiple industry areas.

Features

Our ITGC review will consist of the following:

We use a top-down approach that allows our team to partner with you in identifying and addressing risk. This addresses business risk in relation to your critical success factors and strategic business objectives and helps align the audit/assessment with the relative importance of risk factors within your organization.
Conduct kick-off and planning meeting.

Evaluation

The Effectiveness of Key IT controls:

  • IT Governance
  • Security: Logical and Physical
  • System Development/Change Management
  • Operations/End User
  • Backup and Recovery

Review may also include the review of any Service Organization Controls Reports (e.g., SSAE 18 or Trust Service Criteria), related to your organization’s key services providers.

Assess IT Governance

IT operational and security management practices which are in place to support the IT organization and infrastructure. This includes determining if IT Policies have been implemented, are periodically reviewed and properly approved by Management.

Assess Security

Processes used to access key applications and data, including the procedures for authenticating users and determining their authorization to access and manipulate data. This also includes physical security controls over access to critical computer infrastructure and equipment.

System Development/Change

The process for major and minor changes/modifications to in-house Systems and Applications. This includes requirements for authorization and approval, controls over the development, testing, quality assurance and documentation of changes.  Also, to determine if vendor System/Application changes are documented, authorized and approved by the Company.

Operation/End User Controls

The management and supervision of operations to ensure that only authorized programs are executed, and that appropriate recovery procedures exist. (This also includes the reporting and resolution of incidents and problems.)

Backup and Recovery

The backup, recovery, storage, retention (and security of backup data) for critical financial programs and data.

Contact Us Today!

Once experiencing our work, you will find what our clients have found...

That there is no need to look elsewhere for quality services for your assurance and advisory practice.

Send a Message