IT General Controls (ITGCs) Review

IT environments continue to increase in complexity, with ever greater reliance on the information produced by IT systems and processes. The recent emergence of regulations aiming to restore investor confidence has placed a greater emphasis on internal controls and often requires independent assessments of the effectiveness of those controls.

More and more market players need to embed an underlying risk analysis approach in their internal control assessment, design and implementation, with a focus on reliable and effective key application controls. While Risk Management itself is moving to the top of the Board agenda due to high-profile business failures, heavy regulatory pressure is increasing compliance requirements, which need to be integrated into the company's internal control framework.

If you need to establish that:

  • Systems are developed, configured, and implemented to achieve management’s objectives.
  • Changes to programmes and related infrastructure components are requested, prioritised, performed, tested, and implemented in accordance with management’s objectives.
  • Transactions are processed completely and accurately in accordance with management's objectives, and that processing problems are identified and resolved completely and accurately to maintain the integrity of financial data.
  • Only authorised access is granted to programmes and data upon authentication of a user's identity.

Then PwC can help you.

PwC can provide you with an overall evaluation of management controls and assurance on business process, system and data technology management. Our services enable you to gain comfort that your systems, processes and risk management procedures are operating effectively and within a well-controlled environment.

Our practice is backed by a global resource pool, focused tools, "standard industry practices" knowledge, training and technology.

The IT General Controls capability covers identification, evaluation and validation of controls, including reporting of areas for improvement identified together with our recommendations, in the following areas:

Access to Programmes and Data

  • Policies and procedures
  • Roles and responsibilities
  • Security parameter settings of operating systems, applications (including Enterprise Resource Planning (ERP) systems, e.g. SAP, Navision, Oracle) and databases
  • User access rights
  • Monitoring & Training
  • Physical security
  • Network access

Controls over Computer Operations

  • Organisation of IT function
  • Service Level Agreements
  • Business Continuity and Disaster Recovery Plans
  • Network Management
  • Backups and Recovery

Controls over Programme Development and Implementation of New Systems

  • Testing
  • Transfer to live
  • Documentation and Training

Controls over Programme Changes

  • Maintenance activities
  • Change Requests