IT Audit and Control
Sarbanes-Oxley provides for new corporate governance rules, regulations and standards for specified public companies, including SEC registrants.
The US Securities and Exchange Commission (SEC) has mandated the use of a recognized internal control framework.
Section 404 requires the management of public companies specified by the Act to assess the effectiveness of the organization’s internal control over
financial reporting and annually report the result of that assessment.
Much has been written on the importance of the Act and internal controls in general; however, little exists on the significant role that information
technology plays in this area. Most would agree that the reliability of financial reporting is heavily dependent on a well-controlled IT environment.
Accordingly, organizations need information to consider when addressing IT controls in a financial reporting context.
New Art Technologies, Inc. has decades of experience in all facets of IT development, audit and control. We review IT control processes completely and
holistically, focusing on the following framework of questions:
- Does the Sarbanes-Oxley steering committee understand the risks inherent in IT systems and their impact on compliance with Section 404?
- Has IT management implemented suitable IT controls to meet these business requirements?
- Does the CIO have an advanced knowledge of the types of IT controls necessary to support reliable financial processing?
- Are policies governing security, availability and processing integrity established, documented and communicated to all members of the IT organization?
- Are the roles and responsibilities for all those involved in processing financial IT systems related to Section 404 documented and understood by all members of the department?
- Do members of the IT department and all those involved in processing financial IT systems understand their roles, possess the requisite skills to perform their job responsibilities relating to internal control, and receive support through appropriate skill development?
- Is the IT department’s risk assessment process integrated with the company’s overall risk assessment process for financial reporting?
- Does the IT department document, evaluate and remediate IT controls related to financial reporting on an annual basis?
- Does the IT department have a formal process in place to identify and respond to IT control deficiencies?
- Is the effectiveness of IT controls monitored and followed up on a regular basis?