Information technology and business are becoming inextricably interwoven. I don't think anybody can talk meaningfully about one without talking about the other.

-Bill Gates


IT compliance
More than just compliance: Leveraging IT to succeed in a global marketplace

In the 21st century, companies that leverage their IT systems for both compliance and business management will not only survive but also thrive in both domestic and world markets. It is important to understand that IT compliance is not just a matter of having the right technology but also of having the right people who are adept at operating and managing it.

At SCG, our approach is to understand the "big picture" first and then drill down into the details of compliance. Identifying and understanding your business processes first, and then assessing how your IT systems function to achieve your business goals, is the key to business success as well as IT compliance.

In addition to providing critical decision-making support to your business, IT systems also form a linchpin of your company's system of internal control. Indeed, IT controls are fundamental to compliance with Section 404. Section 404 requires identification of IT automated controls, including both general and application controls. Sarbanes-Oxley requires management to use an internal control framework such as COSO to document their business processes. Equally, COBiT can be used as a framework to document and test their IT processes. Unfortunately, the COBiT model is not very well understood, applied and integrated with the COSO framework. As a result, many US companies have failed their initial SOX internal controls assessment due to IT non-compliance, which continues to be one of the leading causes of failures with Section 404.

As SCG continues to perform IT compliance implementations, we would like to identify the key areas where IT issues continue to arise:

IT Lessons Learned in the area of IT SOX Compliance
  • No IT documentation (policy and procedures) for business units
  • Super-user access for too many managers and non-managers
  • Proprietary systems with weak or no controls
  • Limited or no segregation of duties
  • No review of user accounts on a periodic basis
  • Failure to have sufficient preventative IT controls
  • Loose change management policies and procedures
  • No responsibility for application controls
  • Poor control environment over IT
  • Too many IT control deficiencies to remediate before SOX deadline

In addition to the above areas, SCG can help in the following areas:
  • "Plug and Play" Toolset & Methodology (including IT General & Application Controls)
  • Automating manual controls
  • Educating IT Professionals with Hands-on Training
  • Selection of a 404 automated solution

©2005 Strategic Compliance Group Inc. All rights reserved.