IT AuditOur expertise is in IT General and Application controls.
IT general controls cover systems development, change management, security and
computer operations. Application controls includes validity, completeness, accuracy
and security. Our reviews don't segregate manual and application controls. We
look for the control that is the most effective and don't waste time with secondary
controls that are not sufficient for reliance. We also take a risk perspective.
There's no point getting bogged down in detail on control objectives when the
risks are minimal if the control is not effective. We start with an understanding
of business process by asking our clients for their inputs, their process and
outputs. We document the business process using swimlane diagrams and a control
matrix. Swimlane diagrams are an excellent tool for documenting business process
as they are easily prepared and understood. The control matrix includes not just
application controls but also efficiency and effectiveness. We think its
time Sarbox (or the equivalent) reviews should include efficiency (achieve the
desired result with the minimum use of resources) and effectiveness (achieve the
desired result). Then we are talking about value for the money.
For more information, call Michael Burns at 416-485-2200 or contact
us.
|