_____________________________________________________________________________________

Technology Risk ...

IT Risk  encompassesSecurity, Availability, Performance, and Compliance and is a critical issue for executives and board of directors.  Virtually every enterprise in every industry relies on IT  to support its various business units.  Any risk to your organisation's  IT system is a risk to your company’s overall financial health.

Our IT Audit Services help identify areas of risk (applications,  networks,  infrastructure,  data centers,  general controls and business-continuity plans) that can, ultimately, affect your organisation's entire business environment.

IT General Controls apply to all areas of the organization and include policies and practices established by management to provide reasonable assurances that specific objectives will be achieved. The control procedures include:

• Internal accounting controls, primarily directed at accounting operations, that concern the safeguarding of the assets and the reliability of financial records.
• Operational controls related to the day-to-day operations, functions and activities, and that ensure the operation is meeting it's business objectives.
• Administrative controls relating to operational efficiency in functional areas and adherence to management policies. Administrative controls support the operational controls specifically concerned with operating efficiency and adherence to organizational policies:
  • Organizationally sound, logical security policies and procedures to ensure proper authorization of transactions and activities.
  • Overall policies for the design and use of adequate documents and records to help ensure proper recording of transactions and transactional audit trails.
  • Procedures and features to ensure adequate safeguards over access to and use of assets and facilities.
  • Physical security policies for all data centers

Application controls refer to the transactions and data relating to each computer-based application system.   The objectives of application controls, which may be manual or automated, are to ensure the completeness and accuracy of the records and the validity of the entries which have been made from both manual and programmed processing. Application controls are controls over input, processing and output functions and may consist of edit tests, totals, reconciliations, and identification and reporting of incorrect, missing or exception data.    Application controls include methods for ensuring that:

• Only complete, accurate and valid data are entered and updated in a computer system.
• Processing accomplishes the correct task.
• Processing results meet expectations.
• Data are maintained.

Interested in more information?