Independent assessment of internal controls
You can depend on the skills and experience of Plante Moran’s technology consulting team to test the effectiveness and strength of the internal controls within your technology systems. To ensure the integrity and security of your information, our technology consultants have developed a proven methodology and done thousands of information technology audits for more than 500 companies.
Methodology follows COSO, AICPA and COBIT guidelines
The technology team’s methodology for auditing IT internal controls follows the guidelines of COSO, AICPA, COBIT, and other industry standards such as ITIL and ISO. The methodology has evolved from years of experience conducting IT audits in virtually every industry group.
The proprietary methodology takes into account the various regulatory requirements, including HIPAA, FFIEC, GLBA, and Sarbanes-Oxley, and maps out an efficient testing approach that reduces the overlap between these regulatory requirements.
The technology consulting team will interview your IT group and users and review selected documents to evaluate your information systems security control environment. Their testing approach uses automated tools combined with manual inspection of configuration values.
Audit methodology provides confidence
Data gathered from automated tools is validated by a manual review. This process is designed to provide you a greater level of confidence than either approach used independently. These tools do not require installation of any additional software on any of your host systems.
When the review procedures are completed, the technology consulting team will issue a report for management that summarizes its findings and prescribes recommendations for strengthening the management and control of information systems and security.
Our technology consultants will discuss their findings and recommend strategies for strengthening administrative, security, and operations controls.
You can depend on Plante Moran’s technology team to ensure the confidentiality, integrity, availability, and compliance of your information systems.