GTS - Financial Services
 

IT and Systems Services

 

While most corporate business and accounting departments are all too familiar with financial reporting requirements and audit trails, many Information Technology (IT) departments are finding themselves in the audit spotlight for the first time. Many are struggling to define what their departments must do to comply and to implement the procedures needed to ensure compliance with the Sarbanes-Oxley Act of 2002 (SOX). The problems are compounded by a lack of qualified IT auditors to address IT departments’ unique needs.

 

As part of our extended regulatory-related services, GTS offers IT consulting services designed specifically to help you comply with SOX regulations without “burning out” your IT professionals before their time. Based on our experience reviewing information systems controls and our knowledge of SOX, we have developed an efficient and effective approach to help you build toward compliance. This approach helps you evaluate the major control areas within the IT department, such as:

 

· Information Technology security
· Password controls
· Change control processes
· System development methodologies
· System back-up procedures
· System storage procedures
· System documentation
· Remote access computing
· End-user computing
· Environmental security and controls
· Disaster recovery procedures

 

Our multi-phased approach is designed to assess and document all your company’s IT internal controls. This approach includes four phases:

1) Planning
2) Assessing design effectiveness
3) Assessing operating effectiveness
4) Ongoing monitoring / developing ongoing strategy for compliance

 

Any evaluation, design or audit of an IT internal control structure requires the evaluator to differentiate and stratify IT functions in order to plan and administer the project logically. To that end, GTS has identified the following functions / areas, which allow us to manage such a huge undertaking effectively and efficiently: 1) Mainframe related controls; 2) Administrative controls; 3) Security related controls; 4) End-user related controls; and 5) System platform controls. The last of these includes detailed evaluation, design or audit of each operating system platform (for example PeopleSoft, Millennium and Oracle, to name but a few). Evaluating, designing or auditing through the system to test the effectiveness of system-designed controls is a generally accepted philosophy in the SOX environment.

 

At GTS, our risk management methodology utilizes the guidelines of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the standard for internal control frameworks. COSO is not only an integral component of our methodology, but is also built into our software tools.

 

While the importance of IT controls is embedded in the COSO framework, IT management requires more examples to identify, document and evaluate IT controls. We use the widely accepted IT Governance Institute’s Control Objectives for Information and related Technology (CobiT). This is an IT governance model that provides company-level objectives along with associated controls. Using the CobiT framework, a company can design a system of IT controls to comply with Section 404 of SOX.

 

 

 Global Technology Solutions, LLC (Your One-Stop SOX Consultant)

Copyright © 2006 Global Technology Solutions LLC. All rights reserved.