Overview
Practice Leaders
Contact
Locations
Success Stories
Strategic Alliances
Career Opportunities
Conferences & Events
Benefits
Advanced Sales and Use Tax
Assurance
Business Performance Management
Business Risk Services
Government Contracting Services
Internal Audit
Personal Financial Planning
State and Local Tax
Supplier Assurance
Tax and Business Advisory
Transaction Advisory & Strategic Planning
Unclaimed Property
Archive
Press Releases
Articles
Resource Links
Benefits
Internal Audit »
Overview
Financial, Operational, and Compliance Audits
IT Audit Services »
Quality Assessment Reviews
Financial Investigations
Litigation Support
Complete the following form to forward this page...
To:
Name:
E-mail:
From:
Name:
E-mail:
Your message:

IT Audit Services

Our IT audit professionals have experience working as "Big Four" IT auditors, IT management and internal IT auditors for some of the nation's largest corporations. Let our proven methodologies and IT audit solutions add value to your company.

Our IT Audit Solutions include:

Complimentary Sarbanes-Oxley (SOX) IT Technical Guidance

 

IT Audit Co-Sourcing

Internally staffing the IT audit function is difficult for companies due to the complexity of most IT environments and requires several IT auditors. SC&H Consulting will partner with your Internal Audit department to perform audits in the high-risk IT areas that management and the Audit Committee need to address immediately. Our experienced IT audit professionals identify higher quality audit findings and provide real solutions to assist your IT department in strengthening your company's controls.

IT Application Reviews

SC&H examines Change Controls, Access Controls, and IT Application Controls. In addition to strengthening these IT controls, we team with our CPAs to identify revenue leakage in your operational IT applications using data analysis and data mining techniques.

  • Perform Change Control and Access Control reviews for all ERP packages (Oracle, SAP, PeopleSoft, JD Edwards, Macola, Lawson, Great Plains, MAS 90, MAS 200, etc.), Commercial Off-The-Shelf (COTS) software, web-based applications, custom-developed applications, end-user computing applications, etc.
  • Review and strengthen existing IT application controls (e.g., correct segregation of duties issues and replace manual controls with automated IT controls)
  • Identify opportunities to implement new application controls to streamline your business processes
  • Perform data analysis using Computer Assisted Audit Techniques (CAATs) and data mining to identify revenue leakage

IT Infrastructure Reviews

SC&H starts with vendor and industry best practices for securing your IT infrastructure and then we modify these to fit your IT environment. Policies, procedures, and "hardening" guidelines are documented for each IT infrastructure component. We also provide guidance on selecting and implementing software tools to monitor your IT infrastructure security.

  • Database Management System Reviews: SQL Server, Oracle, Sybase, DB2, etc.
  • Operating System Reviews: Windows, UNIX, Linux, AS/400, OS/390, etc.
  • Network Security Reviews: Firewalls, routers, switches, wireless devices, intrusion detection systems, etc.
  • Computer Operations Reviews: Backup and recovery, job scheduling, problem management, physical access, environmental controls, etc.

Threat and Vulnerability Assessments

SC&H can evaluate the internal threats from employees and contractors and external threats to your company's network and data.

  • Perform threat and vulnerability assessments to identify internal employees or contractors with the ability to cause damage to mission critical IT systems
  • Execute Attack and Penetration (A&P) testing at the Internet and Intranet levels using software tools (e.g., ISS Internet Scanner, nMAP, Nessus, NetIQ)
  • Test wireless and dial-in (remote access) security
  • Review your company's incident response programs

IT Risk Assessments

SC&H's IT risk assessments are based on Control Objectives for Information and related Technology (COBIT) issued by the Information Systems Audit and Control Association (ISACA). COBIT provides leading practices for the management of IT processes in a manageable and logical structure by bridging the gaps between business risks, technical issues, and internal control needs. We use questionnaires, interviews, and information requests of key IT data to create an IT risk assessment report that:

  • Define the IT audit universe - through the identification of critical IT systems and related processes
  • Provide a basis for the risk-based selection of discrete IT audits

IT Policy and Procedure Reviews

SC&H improves your company's IT policies and procedures by tailoring industry best practices for your environment.

  • Evaluate existing IT policies and procedures and compare these to industry best practices (e.g., Cobit, BS7799/ISO17799, Common Criteria, ITIL, etc.)
  • Develop new or improve existing IT policies and procedures
  • Improve the processes for monitoring and enforcing IT policies and procedures across the company

Regulatory Compliance Reviews

SC&H will identify gaps and correct IT internal control weaknesses to meet your regulatory compliance objectives for the following regulations:

  • Sarbanes-Oxley
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)

Securities offered through 1st Global Capital Corp., Member FINRA/SIPC. Investment Advisory Services including fee based asset management accounts held through NFS, LLC are offered through 1st Global Advisors, Inc. All other financial planning services are offered through SC&H Financial Advisors. SC&H Financial Advisors is not affiliated with 1st Global Capital Corp.
We have individuals licensed in the states of AZ, CA, CT, DC, DE, FL, GA, HI, MD, MN, NE, NM, NV, NH, NJ, NY, NC, OH, PA, SC, TX, and VA.
Maryland license number 496.

To report broken links or other Web Site problems, email Jess Moore .