IT Controls

GAP Resources' depth in IT controls is extensive. Not only do consultants have a wealth of IT control knowledge, they can apply that knowledge in concert with the business objectives of the project - SOx, internal audit, management improvements and external audit - addressing such areas as:

  • IT General Controls Identification and Testing: Identify most effective control processes. Test program change control and application development control processes, as well as Security controls for mainframe, midrange (iSeries), and server environments.

  • Application Controls: Review business processes and controls, identifying relevant application controls. Design and carry out test plans.

  • New Systems Implementations: Assess systems implementation risks and controls prior to implementation. Typical high risk areas include: accounting implementation issues including cutoff issues and interfaces, application level security, testing and user training.

  • IT SOx Programs: Coordinate with business SOx personnel to establish scope and impacted IT applications and platforms. Standardize IT SOx control and testing requirements. Train personnel on testing techniques.

  • 404 Optimization: Establish standard/key IT control lists focusing on best practices, responsive to new 404 guidance. Facilitate review and confirmation with audit and management stakeholders.

  • IT Control Process Improvements: Identify specific process improvement alternatives for management review. Develop implementation plans. Design responsive testing approaches.

  • External Audit Coordination: Interpret external audit requests to specific IT controls within the client organization. Provide client preparation and coordination for external audits.

  • Internal Audit Co-sourcing: Integrate GAP Resources staff into value added support of client's IT internal audit program. Provide expert IT risk assessment resources, augment internal staff while providing training, and supplement resources during peak testing times.

  • Third Party Administrator Audits: Design and carry out IT control reviews of outsourced/third party administrators (TPAs) for client management. Provide a high level of expertise while being sensitive to external relationships.

  • Insurance Statutory Audits: Prepare IT control data for, and work with state insurance auditors for financial and market conduct exams. Interpret requirements for electronic data files of accounting data. Balance/reconcile electronic data requests to statutory reports.

Home | Site Map