Information Systems Audit Services

It is the infrastructure that drives your business. It is increasingly complex. It is increasingly capable. It is increasingly relied on to store and process valuable information. For these reasons, it is subject to increasing risk and must be appropriately monitored. It is IT.

WHAT IS IT RISK?
IT risk comes in many forms, including operational, financial, execution, regulatory, reputation and security. Successful organizations manage these risks so that the benefits of technology can be leveraged to drive shareholder value. 

WHAT IS COBIT?
To bridge the gap between control requirements, technical issues and business risks, the Information Systems Audit and Control Association (ISACA) has developed an IT governance framework called CobiT. CobiT is a process-based framework that divides IT into 34 distinct processes. Each process has a high-level control objective, detailed control objectives, roles and responsibilities, goals and objectives, and a maturity model, all designed to help organizations better manage their IT risks.

OUR EXPERIENCE
Our IT audit team has experience with a wide variety of systems and applications, including AS/400, Windows 2000, and both the SAP R/3 and Oracle ERP systems. Our approach to design evaluation and development of IT general controls follows the CobiT control framework.
 
VALUE CONSIDERATIONS
Effective management of technology risk will dramatically impact operational efficiencies. In the process, organizations are also likely to see improvements in project lifecycles and compliance initiatives. It is arguable, however, that managing reputation risk can have the most significant impact on value. Some organizations have experienced significant damage to reputation as a result of breaches in data security and errors in financial reporting. Proper management of technology and related risks is key to preventing these situations.
 
AUTOMATING CONTROLS
In addition to operational efficiencies, an effective IT control framework can also improve the effectiveness and efficiency of controls over financial reporting. Identifying, testing, and relying upon automated / application controls is one of the most common and effective methods of reducing the cost of SOX 404 compliance. 

INTEGRATED AUDIT APPROACH
We recognize that IT does not operate in a vacuum – it is an integral component of nearly all functional areas of a business. Therefore, in addition to IT-specific audits, we offer an integrated audit approach that considers IT risks within each functional audit. This approach allows us to help our clients align IT initiatives with operational and financial risk management objectives.

UTILIZING TECHNOLOGY IN AUDIT TESTING
Computer assisted auditing techniques (CAATs) allow the auditor to analyze and test an entire population in a fraction of the time needed to manually test a sample of items. We have individuals skilled in these areas and strive to leverage application controls and CAATs wherever possible.

 
