Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services
Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services

Information Technology (IT) Audit Services





To learn more about Sunera's IT Audit Services, please complete the following brief e-mail form and one of Sunera's Directors will contact you.



 Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services

IT Audit Consulting Services Overview


IT audit, technology audit

Why struggle with hiring and retaining IT audit resources within your internal audit group? Outsourcing / Co-sourcing IT audit is a cost effective alternative!

The world of IT audit today requires breadth and depth of technology skills that are seldom found in one resource. Accordingly, many organizations rely on the diversity and depth of skills that only a firm like Sunera can bring to the table. Each resource possesses technological skills within various specialties such as infrastructure and security, ERP systems, database management, UNIX, Windows, project management, application security, or business continuity.

Our projects are defined within small manageable engagements with short timelines designed for high impact and value-add. We can supplement your internal audit plan with IT audit projects that bring added value and positive exposure to your department. Furthermore, each project can be independently evaluated for the return on investment prior to commencement. Therefore, you only engage us for what you need.

We begin with a master services agreement that doesn’t obligate you to purchase any services but establishes us as your IT audit provider. Secondly, we prepare individual project statements of work or provide specific skills and resources for periods of time. Our typical IT audit projects include:



Methodology and Approach


Sunera’s IT audit methodology is based on our vast industry experience and addresses IT risk exposures across a variety of organizations.


  • General IT Controls – Since information technology permeates all aspects of an entity’s business, we can assess and recommend controls within each IT process related to change management, security, and IT operations.
  • Application Controls – We can determine which system configuration and account mapping controls have been designed based on appropriate business criteria, to secure data against inappropriate processing (by enforcing validity, completeness, and accuracy) and help ensure data integrity.
  • User Access and Security – In addition to the risk of unauthorized access to data, there may be a risk of theft of sensitive or confidential intellectual property. We can determine if duties are adequately segregated and an overall security posture is maintained.

We follow practices suggested by the Information Systems Audit and Control Association (ISACA). Specifically, we will utilize CobiT (Control Objectives for IT) which is a risk-based, process-focused methodology that is used to establish a thorough understanding of the organization’s audit objectives, the risks that threaten those objectives, and the relationships between those risks and the organization’s controls.

Our approach includes the following:

  • Walk-through of each IT process, identify business and/or financial reporting risks, assess risk levels, assign control objectives and identify corresponding controls where applicable.
  • Independently test each of the identified IT process areas and collect the appropriate evidence supporting the testing activities and subsequent control evaluation.
  • Assess the operating effectiveness of each key control activity based on the test results and the supporting documentation.
  • For all control or process failures we can assist with determining the required remediation activities to address the outstanding deficiencies and prioritize the identified remediation plans.

Professional Resources


Our IT audit professionals have serviced a broad range of corporate, government and non-for-profit entities and are lead by Directors and Managers who are Certified Information Systems Auditors (CISA). Other related certifications held by our IT audit professionals include:


  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Payment Card Industry Qualified Security Assessor (PCI-QSA)
  • Certified Internal Auditor (CIA)
 Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services


Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services
Sunera:Home     Services     Industries     Training     About     News & Events     Contact Us     Careers
Services:Internal Audit     IT Audit     Sarbanes-Oxley     Information Security     PCI Compliance     Data Privacy     Accounting & Finance     IFRS Conversion
  ACL Consulting & Training     Forensic & Fraud Auditing     Model Audit Rule     Business & IT Advisory     IV&V Review     SAP     ERP Controls     Project Risk
Contact Us:Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services  info@sunera.com     Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services  (888) SUNERA1     Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services  Office Locations

Sunera Business Consulting and Technology Risk Management Services
Atlanta - Boston - Calgary - Dallas - Miami - New York - Orlando - Phoenix - Raleigh - Tampa - Toronto - Vancouver
Copyright © 2005-2011 Sunera LLC. All Rights Reserved.  Sunera® is a registered trademark of Sunera LLC.

Page copy protected against web site content infringement by Copyscape
Sunera Privacy Policy		 Internal Audit, IT Audit, Information Security & Sarbanes-Oxley (SOX) Services