Bezaleel Consulting Inc.

IT Audit & SOX Compliance

IT Audit

We have the expertise to perform on-site reviews and assessments of your IT environment and the skills to help you protect your IT assets by providing quality IT audit services. The scope of our services includes, but is not limited to, the following:

  • Enterprise IT risk assessment review
  • Review Systems and Applications control strengths and weaknesses
  • Review of IT processes for adequacy
  • Service availability
  • Vulnerability analysis
  • Identify critical points of failure and impact
  • Review the adequacy of network security
  • Electronic banking control review
  • Review IT/Information security policies and procedures for adequacy
  • IT control review for compliance with internal and external regulations
  • Develop and establish IT audit function - Processes and Methodologies
  • Determine the frequency of internal control review based on risk
  • Ensure the establishment of remediation plan for gaps and mitigating controls

We perform the testing of design and operational effectiveness of the following IT General Controls (ITGC) and Application Controls:

  • Capacity and resource planning review
  • Audit Methodologies
  • Access Control
  • Segregation of duties
  • Audit logging
  • Data Integrity controls
  • Change/Problem Management
  • Project Management (SDLC)
  • LAN/WAN
  • Disaster Recovery and Business Continuity
  • Remote Access Audit
  • ERP Application Audit
  • Mainframe environment Audit
  • Data Backup and Recovery
  • Information Security policy review
  • ERP (SAP, Oracle Financial, PeopleSoft, etc.) Audit

SOX Compliance

We adopt a structured approach, as prescribed by the PCAOB guidelines, to Section 404 internal control compliance. The following is an outline of our methodology:

  • Plan and scope financial and IT systems
  • Conduct a risk assessment - adopting a top-down risk approach to controls
  • Identify significant controls and accounts
  • Document and design controls
  • Evaluate controls
  • Complete a Process Mapping
  • Complete a Controls Matrix
  • Evaluate operational effectiveness (testing)
  • Identify and remediate control deficiencies
  • Document the compliance process
  • Attestation
  • Build sustainability

TESTING IT CONTROLS AND EVALUATION OF OPERATING EFFECTIVENESS

Testing and Evaluation of Operating Effectiveness

  • Master list of controls objectives
  • Conduct of testing
  • Documentation of test results
  • Test types
    • Corroborative
    • Observational
    • Documentation
    • Re-performance
  • Analysis of results
    • Classification - Material, Significant, Non Significant, No control
    • Ineffective
      • Document deficiency
      • Identify cause
      • Assess significance - aggregated impact, likelihood of recurrence, magnitude
    • Effective
      • Document test - date, tester, conclusion
  • Control Deficiencies
    • Issue evaluation
    • Compensating controls
    • Deficiency assessment
    • Resolution plan
    • Timing of remediation
  • Remediation Plan
    • Strengthen, Replace, Redesign
    • Timing, Objectives, Allocation of responsibility, Deadline, Time and cost, Progress, Management approval, Audit committee approval
  • Attestation based on test results.

For more information on how we can help secure your organizational IT assets, please contact us at ...