Control Identification & Implementation
Control Identification & Implementation
Analyze business processes to understand process steps, identify controls in business and IT processes including manual controls and automated system controls. In cases where gaps in control are identified, work with the organization to design and implement new controls. Improve the design and operating effectiveness of controls for the organization and provide external auditors with an understanding of the control environment.
Control Implementation in Growing Organizations
Implement information technology general controls (ITGCs) in growing organizations, organizations preparing to go public and comply with Sarbanes Oxley requirements and organizations seeking to obtain SOC reports, that do not have a practice of performing and documenting internal controls. The implementation of controls in these organizations requires extensive training and coaching of client personnel to help them understand and effectively perform internal controls. Clients can improve their control environment and achieve their SOC and SOX objectives.
New System Implementation Troubleshooting
Identify processing errors and control failures related to the implementation of a new system. Provide recommendations for improvement of controls to help the client return the system to normal operations.
Control Rationalizations
Review internal controls and associated procedures to: identify gaps in controls; overlapping, redundant and outdated controls; areas for reduction; and automation to improve the efficiency and effectiveness of compliance. Results in an overall reduction of the number of controls being documented and tested for financial reporting compliance purposes and an increase in the proportion of application controls. The level of effort for internal compliance, internal audit and external audits is reduced.
Process Flow Mapping
Create diagrams of processes to visualize process steps and controls. Creation of process flow maps also helps identify gaps in the design of controls, overlapping controls and scoping for SOX, SOC and internal audit projects.
Data Flow Mapping
Create diagrams of data movement to show the interaction and interfaces between systems and the path for the processing of transactions. Creation of data flow maps helps identify interfaces, gaps in the design of controls, overlapping controls and scoping for SOX, SOC and internal audits projects.
Control Owner Training
Provide training for control owners to educate them on the purposes of internal controls, how specific controls should be performed and how to appropriately document controls so that there is sufficient evidence to meet internal and external audit requirements. Training helps to improve the performance of internal controls and reduced the rate of exceptions and errors.
Privacy & Compliance
Create Privacy Policies
Draft privacy policies for the protection of personal information. Provide guidance to business on required privacy practices.
Implement Privacy Controls
Work with business process owners to implement privacy controls and evaluate the effectiveness of controls to improve the protection of personal information.
Corporate Integrity Agreement (CIA)/ Independent Review Organization (IRO)
Help organizations fulfill CIA/IRO documentation requirements and information requests. Help organizations comply with requests to successfully complete CIA and IRO oversight.