IT Audit

Our expertise is in IT General and Application controls. IT general controls cover systems development, change management, security and computer operations. Application controls includes validity, completeness, accuracy and security. Our reviews don't segregate manual and application controls. We look for the control that is the most effective and don't waste time with secondary controls that are not sufficient for reliance. We also take a risk perspective. There's no point getting bogged down in detail on control objectives when the risks are minimal if the control is not effective.

We start with an understanding of business process by asking our clients for their inputs, their process and outputs. We document the business process using swimlane diagrams and a control matrix. Swimlane diagrams are an excellent tool for documenting business process as they are easily prepared and understood. The control matrix includes not just application controls but also efficiency and effectiveness. We think it’s time Sarbox (or the equivalent) reviews should include efficiency (achieve the desired result with the minimum use of resources) and effectiveness (achieve the desired result). Then we are talking about value for the money.

For more information, call Michael Burns at 416-485-2200 or contact us.