Information Technology AuditInformation technology is the core of todays highly connected global economy. As a result coupled with the velocity of information technology change requires all organizations to not just know how to strategically leverage information technology, but it is incumbent that management has the proper response in the form of controls to combat the ever-changing risks presented by technological advancements. Our Information technology (IT) audit subject matter experts partner with both internal audit and management to achieve a wide array of objectives.
Information Technology (IT) audit Outsourcing and Co-Sourcing
As noted in the internal audit services section of our website, very, very few internal audit functions are able to attract, hire and retain all of the internal audit resources it requires on a full-time basis, at all times, particularly with information technology or IT auditors. As a result, it is virtually impossible for many organizations to fully execute their risk-based audit plans on a year-to-year basis. At Hunt Risk Solution Partners we have significant experience with helping organizations perform a myriad of Information technology (IT) audit consulting roles ranging from IT Audit Planning to audit execution and reporting. In fact, Steven Hunt, the founder and President of Hunt Risk Solution Partners, was the lead author of The Institute of Internal Auditors (IIA) Global Technology Audit Guide (GTAG) “Developing the IT Audit Plan.”
Federal Financial Institutions Examination Council (FFIEC) Information Technology (IT) Compliance
The FFIEC, banking and non-traditional lender regulatory bodies (OCC, FDIC, NCUA, FRB and CFPB) require periodic audits of the information technology (IT) control environment in order to ensure these regulated organizations adhere to the appropriate set of FFIEC guidelines and that IT controls are designed and operating effectively in the ever changing world of information technology. Hunt Risk Solution Partners has significant experience in performing these required IT audits, particularly with community banks. The majority of our banking IT audits cover the following:
- Information Technology General Computer Controls
- Information Security Program Development and Assessment
- GLBA Program Development and Assessments
- Vendor Management Program Development and Assessments
- Internal Network Security Reviews
- External Network Security Reviews
- Social Engineering
- Information Technology (IT) Risk Assessments
ERP Application Controls Consulting
At Hunt Risk Solution Partners, our professionals use a proprietary methodology to perform ERP application control audits which is based upon The Institute of Internal Auditors (IIA) Global Technology Audit Guide (GTAG) “Auditing Application Controls.” which Steven Hunt, the founder and President of Hunt Risk Solution Partners, was the lead author. ERP application control audits provide additional assurance that these controls are configured correctly and perform consistently as intended by management as well as provide an additional layer of assurance in the overall integrity of system data. In addition, Hunt Risk Solution Partners has very in-depth SAP R/3 security and controls consulting and audit expertise. The following services are a representation of the ERP application control audits we perform on a regular basis.
- Segregation of Duties/ERP Security Auditing
- Automated (Configurable) Controls Consulting, Testing and related Baselining
- ERP Application Security and Control Design/Optimization – Hunt Risk Solution Partners team of ERP professionals identify risks, indicators of control inefficiency (e.g. overreliance on manual controls) as well as design and partner with management and IT to deploy the control optimization strategy.
- Pre and Post Implementation System Development Lifecycle (Post Implementation Consulting and Audits
Information Technology (IT) Governance
The Institute of Internal Auditors definition of IT Governance is a follows: “IT Governance consists of the leadership, organizational structures and processes that ensure that the enterprise’s information technology supports the organization’s strategies and objectives.” At Hunt Risk Solution Partners, our professionals use a proprietary methodology to perform IT Governance audits which is based upon The Institute of Internal Auditors (IIA) Global Technology Audit Guide (GTAG) “Auditing IT Governance.” which Hunt Risk Solution Partners founder, Steven Hunt, was the lead author.
Information Technology (IT) Risk Assessments
Performing an IT risk assessment is one of the most vital elements of the risk management process of any organization of any size. Through thorough identification of the IT risks an organization can better determine the extent of potential losses and the likelihood they will occur based upon management’s tolerance of risk and risk response in the form of controls. At Hunt Risk Solution Partners, our team of highly experienced and credentialed IT consultants and IT auditors have performed a significant number of Information Technology (IT) risk assessments by utilizing a blend of interviews, surveys and other techniques in order to truly determine the areas of highest information Technology risks.
Hunt Risk Solution Partners professionals works with and supports your organization in the development, implementation and maintenance of Business Continuity and Disaster Recovery Plans. These services include such components as Risk Assessments, Business Impact Analysis, Plan Development and Documentation, Table-Top exercises, full testing and Audits. Our proprietary methodology is based on The Institute of Internal Auditors GTAG “Business Continuity Management.”
SSAE 16-18/AT 101-AT-C Sections 105, 205 and 320 Readiness
Why would a service provider who needs to obtain a SOC 1, type II audit report, for example, hire a large accounting firm to perform the audit only to receive a qualified opinion on the audit? Logically, it doesn’t make sense. Sometimes organizations internal control structures simply aren’t ready for the audit to begin with and are being pushed by senior management or their customer base for the audit report. In other cases, organizations have convinced themselves the internal controls to be tested are ready for the unyielding scrutiny of a large audit firm when the controls have not been reviewed and tested by an independent 3rd party first to ensure that when the actual SOC 1, type II audit begins the controls will stand up to the scrutiny. Hunt Risk Solution Partners team of professionals has the in-depth experience to perform the crucial first step of a readiness assessment and work with management to remediate any control gaps before the external audit firm begins their work.Contact Us