In our approach, we use a unique set of IT audit, process review, compliance, and financial audit methodologies. These methodologies were developed by taking advantage of our colleagues’ internationally awarded ERP implementation expertise and their experience with managing ERP audits in over 20 countries around the world.

Key Questions

From our audit services, you will obtain answers to the following key questions:

• Are you properly protecting the confidential business information in your system from unauthorized access and damage made either deliberately or accidentally?
• Have you effectively configured your controls to prevent fraud?
• On the other hand, your system might be overly secured at the expense of efficiency. In this case, have you reached the expected level of controls while still maximizing your efficiency?
• Do your systems comply with regulatory requirements?
• Most importantly, if you do not receive affirmative answers to any of the above questions, what can you do to the fix the problem in the most efficient and effective manner possible?

The Audit: Modules customized for your needs

To maximize efficiency, we have organized our audit service into modules. You may select from the modules to create an audit that best meets your needs. Further, you can have the modules customized so that they focus on any special areas of concern. The modules are grouped into two layers: (A) IT Infrastructure; and (B) Application. You can find below a brief description of the layers and their modules.

1. IT Infrastructure Layer: you will receive a comprehensive evaluation of the IT Infrastructure supporting the application, including the database security controls, operating systems, and connectivity networks.
   
   
   1. Network Security Module: we assess the network architecture, privileged accesses, and security (including remote access infrastructure).
   2. Database Security Module: we evaluate the database security configuration, privileged accesses and database administration procedures.
   3. Operating System Security Module: we review the security configuration of the operating system (including both the server and client side) as well as operational procedures and privileged accesses.
2. Application Layer: you will receive a comprehensive assessment of application specific controls on two levels:
   
   
   4. IT General Controls Module: we audit the IT General Controls based on the COBIT® control framework.
   5. Application Controls Module: we perform application specific audit procedures around the following three areas:
      1. Critical Access: we review the access rights to critical business functionality (e.g. master data update, access to critical reports, transaction approval, etc.).
      2. Segregation of Duties: using best business practices, we have developed a matrix of access combinations that if possessed by a single individual could result in circumventing financial controls or fraudulent activities and therefore should be segregated.
      3. Business Process Controls: we assess risks related to your business processes by reviewing the most important business controls that are automated and system supported.

Audit Reports: business focused reporting

Following our audit, you will receive an audit report. From this report, you will gain a thorough understanding of your current control environment. Further, you will learn how to fine-tune the control environment in a cost-efficient and sustainable manner.
You will receive an audit report that is business oriented and written in plain language. As a result, the report should make it easy for your stakeholders to understand the current issues and recommended solutions. In addition, the report will organize the technical details for implementing our solutions so that you will clearly see the steps for fixing any issues.