Client Needs & Objectives
Our client, one of the leading financial cooperatives in North America, mandated us to perform an audit of their access management and database security for check and cash clearing applications.
The objective of the IT audit was to:
- Evaluate the systems and processes in place that relate to authentication, access management and database security.
- Define and assess risks and controls related to a company’s information assets.
- Ensure processes comply with IT-specific regulations, internal policies and standards, and industry best practices.
Our Approach
- Developed a comprehensive Risk and Control Matrix and evaluated the identified risks based on the COSO risk framework
- Gathered relevant sources of information to conduct design and efficiency testing of existing controls: departmental policies, standards and prior audit workpapers
- Created design and effectiveness tests for each control
- Conducted interviews with process users and owners to obtain an understanding of the key processes and walk through them
- Assessed the residual risk levels of inadequately designed or executed controls
- Communicated findings to key stakeholders and management and worked with them to set action plans for remediation of ineffective controls
- Delivered a report including control and testing documentation, as well as the action plans agreed upon by the accountable parties
Client Benefits & Main Results
- Independent review and understanding of the risk environment related to our client's compensation applications
- Development of a Risk and Control Matrix for the audited processes
- Assurance on the design and effectiveness of access management and database security for the audited applications
- Results of the audit helped the bank proactively address any residual risks relating to the inadequate design or the ineffectiveness of the controls