IT Audit Services for C-SOX Compliance
Assessing IT controls requires highly specialized skills. Although many public companies have an Internal Audit capability, many lack the skills in-house to effectively document and test IT controls. Sunera can assist with all aspects of your Canadian Sarbanes-Oxley documentation project and on-going testing including: IT General Controls, Application Controls, Baseline Application Testing, and Segregation of Duties (SoD) Testing as demonstrated below. We possess the entire breadth of technical skills required to work with ERPs, databases, networks and websites as well as IT processes. Our professionals are experts in COBIT for Sarbanes-Oxley and most have completed many IT general controls work paper sets for “Big-4” audit firms. Furthermore, IT is one of our core specialties.
C-SOX Documentation & On-going Testing
IT General Controls. Since IT permeates all aspects of an entity’s business, we can assess the controls within the IT process related to change management, security, and IT operations to ensure compliance with Sarbanes-Oxley.
Application Controls. We can determine which system configuration and account mapping controls have been designed based on appropriate business criteria, to secure data against inappropriate processing (by enforcing validity, completeness, accuracy), help ensure data integrity and comply with Sarbanes-Oxley.
Baseline Application Testing. As part of Sarbanes-Oxley compliance, our testing ensures that external factors, such as server or network bottlenecks that may affect the results of further testing, are not present, and provides a set of performance results that can be used as a starting point for comparison with the actual benchmark testing.
Segregation of Duties Testing. We can collect all of your ERP’s extracted roles data, though a protected medium and conduct a risk analysis. From this we produce a deliverable that includes a detailed Segregation of Duties (SoD) conflict analysis and remediation recommendations.
