Audit Services

     alt

"Removing the consultancy divisions does not get rid of the fundamental audit / non-audit problems… If stockholders and SEC require real transparency and objectivity, the implications to the auditing industry are even more far reaching than the splits we are seeing."
– GIGA Research

Leveraging the global Big 4 experience and unparalleled tactical, technical and business expertise gained from many years of internal/external audits in the SAP, ERP (Oracle, Peoplesoft, JDE) and SOX compliance landscapes, EnCrisp® can assist in all forms of IT audit assistance work complementing and augmenting your internal as well as your external audit teams.

In today’s complex Information Technology (IT) driven regulatory environment, auditors and the audit committee’s can no longer turn a blind eye towards the conflicts of interests that ensue when an external auditor tries to provide peripheral IT and ERP security, design and assessment services to its audit customers. Regulations such as Sarbanes Oxley in the USA prohibit such peripheral consulting services by external auditors. However organizations can no longer give IT assurance, security and governance second priority. Their problems are exacerbated by the fact that it is extremely hard to retain the specialized and detailed skill sets required for deep and thorough enterprise wide IT application assessments. To counter this challenge organization must establish internally or through co-sourcing with partners such as EnCrisp, an effective internal audit function that can help them achieve their business objectives by ensuring that risk and internal controls have been properly aligned and a framework to monitor these internal controls must be enabled in complex IT systems.

Recent legislations passed in various countries around the world mandate more rigorous review, documentation, testing and evidence of strong business process and internal controls. Such laws are industry agnostic and apply in many instances to all entities (private, public, non-profit and governmental) in differing flavors. Latest guidelines as dictated by the Sarbanes Oxley Section 404 suggest that the internal controls need to be reviewed in ALL material process that affect financial statements. Data flowing through the ERP and complex IT systems is the life and blood of these critical business processes and hence the need for analyzing IT controls for section 404 of Sarbanes Oxley is of paramount importance. EnCrisp provides such IT Audit assurance and SOX testing services to give complete end-to-end internal audit support in an INDEPENDANT manner without any conflicts of interest. Both internal and external audit functions today need strong assistance and resource augmentation on the deep and technical IT and ERP controls aspects of critical business processes.

Recent legislations passed in various countries around the world mandate more rigorous review, documentation, testing and evidence of strong business process and internal controls. Such laws are industry agnostic and apply in many instances to all entities (private, public, non-profit and governmental) in differing flavors. IT is all pervasive in business landscapes and can no longer be ignored in any audit assessment. Data flowing through the SAP and complex IT systems is the life and blood of these critical business processes and hence the need for analyzing IT controls is of paramount importance. EnCrisp provides such IT Audit assurance and SOX testing services to give complete end-to-end internal audit support in an INDEPENDANT manner without any conflicts of interest. Both internal and external audit functions today need strong assistance and resource augmentation for the depth and technical IT and ERP controls skills in critical business processes.

With advent of outsourcing and off-shoring major business processes, corporate governance mandates are also increasingly requiring an independent assessment of IT controls of the third party service provider. This assessment audit usually takes place in the form of a Type I or Type II SAS70 (Statement of Auditing Standard 70). EnCrisp IT controls specialists are well versed in providing non-attest support for SAS70 Type I and Type II audits to provide level of assurance around IT controls of third party service providing vendors. EnCrisp’s global teams can provide such IT Audit services to;

  • Assist and co-develop plans for implementing and executing customized internal cycle audit plans for unique customer situations in IT driven ERP and web application landscapes.
  • Review current IT infrastructure controls surrounding:
    • operating systems
    • databases
    • networks
    • continuity plans
    • change management procedures
  • Evaluate/Develop change management practices to support a controlled environment
  • Develop overall risk analysis of current state environment and Identify areas of concern and co-develop improvement opportunity ideas
  • Utilize experienced individuals and tools to identify risks to each layer of the infrastructure
  • Develop policies, procedures and specific security parameters to control identified risks

EnCrisp Audit specialists in tandem with your existing internal audit organization or independently can provide access to highly specialized IT audit and risk management capabilities in the areas of Information Technology and Security; Corporate governance and regulatory compliance and Business Process efficiency in IT enabled processes.


"Removing the consultancy divisions does not get rid of the fundamental audit / non-audit problems… If stockholders and SEC require real transparency and objectivity, the implications to the auditing industry are even more far reaching than the splits we are seeing."
– GIGA Research

Leveraging the global Big 4 experience and unparalleled tactical, technical and business expertise gained from many years of internal/external audits in the SAP, ERP (Oracle, Peoplesoft, JDE) and SOX compliance landscapes, EnCrisp® can assist in all forms of IT audit assistance work complementing and augmenting your internal as well as your external audit teams.

In today’s complex Information Technology (IT) driven regulatory environment, auditors and the audit committee’s can no longer turn a blind eye towards the conflicts of interests that ensue when an external auditor tries to provide peripheral IT and ERP security, design and assessment services to its audit customers. Regulations such as Sarbanes Oxley in the USA prohibit such peripheral consulting services by external auditors. However organizations can no longer give IT assurance, security and governance second priority. Their problems are exacerbated by the fact that it is extremely hard to retain the specialized and detailed skill sets required for deep and thorough enterprise wide IT application assessments. To counter this challenge organization must establish internally or through co-sourcing with partners such as EnCrisp®, an effective internal audit function that can help them achieve their business objectives by ensuring that risk and internal controls have been properly aligned and a framework to monitor these internal controls must be enabled in complex IT systems.

Recent legislations passed in various countries around the world mandate more rigorous review, documentation, testing and evidence of strong business process and internal controls. Such laws are industry agnostic and apply in many instances to all entities (private, public, non-profit and governmental) in differing flavors. Latest guidelines as dictated by the Sarbanes Oxley Section 404 suggest that the internal controls need to be reviewed in ALL material process that affect financial statements. Data flowing through the ERP and complex IT systems is the life and blood of these critical business processes and hence the need for analyzing IT controls for section 404 of Sarbanes Oxley is of paramount importance. EnCrisp® provides such IT Audit assurance and SOX testing services to give complete end-to-end internal audit support in an INDEPENDANT manner without any conflicts of interest. Both internal and external audit functions today need strong assistance and resource augmentation on the deep and technical IT and ERP controls aspects of critical business processes.

Recent legislations passed in various countries around the world mandate more rigorous review, documentation, testing and evidence of strong business process and internal controls. Such laws are industry agnostic and apply in many instances to all entities (private, public, non-profit and governmental) in differing flavors. IT is all pervasive in business landscapes and can no longer be ignored in any audit assessment. Data flowing through the SAP and complex IT systems is the life and blood of these critical business processes and hence the need for analyzing IT controls is of paramount importance. EnCrisp® provides such IT Audit assurance and SOX testing services to give complete end-to-end internal audit support in an INDEPENDANT manner without any conflicts of interest. Both internal and external audit functions today need strong assistance and resource augmentation for the depth and technical IT and ERP controls skills in critical business processes.

With advent of outsourcing and off-shoring major business processes, corporate governance mandates are also increasingly requiring an independent assessment of IT controls of the third party service provider. This assessment audit usually takes place in the form of a Type I or Type II SAS70 (Statement of Auditing Standard 70). EnCrisp® IT controls specialists are well versed in providing non-attest support for SAS70 Type I and Type II audits to provide level of assurance around IT controls of third party service providing vendors. EnCrisp®’s global teams can provide such IT Audit services to;

  • Assist and co-develop plans for implementing and executing customized internal cycle audit plans for unique customer situations in IT driven ERP and web application landscapes.
  • Review current IT infrastructure controls surrounding:
    • operating systems
    • databases
    • networks
    • continuity plans
    • change management procedures
  • Evaluate/Develop change management practices to support a controlled environment
  • Develop overall risk analysis of current state environment and Identify areas of concern and co-develop improvement opportunity ideas
  • Utilize experienced individuals and tools to identify risks to each layer of the infrastructure
  • Develop policies, procedures and specific security parameters to control identified risks

EnCrisp® Audit specialists in tandem with your existing internal audit organization or independently can provide access to highly specialized IT audit and risk management capabilities in the areas of Information Technology and Security; Corporate governance and regulatory compliance and Business Process efficiency in IT enabled processes.