Sarbanes 404 Technology Audits

To minimize your annual SOX compliance costs, you have selected an existing employee to complete the majority of your work relating to SOX, but they do not have the skills to perform some of the necessary tasks in the technology field.

Building a SOX 404 IT Test plan based on an IT risk assessment, estimating the hours to perform the tests, evaluating the materiality of test results and defending your conclusions in the technology area are tasks you need done by a trusted source. But, can this trusted source bring in the test plan on or below budget? Will they do work of sufficient quality? Will the external auditors rely on their work? If you contract FDC Associates as your trusted source in Technology auditing, the answer is yes.

Here is what the SOX Project Manager for a Major Regional Bank had to say about our work--

"They built and executed a 1500+ man-hour SOX technology test plan for our bank and completed it within 3 hours of budget. Our external auditors, Price Waterhouse Coopers, agreed with their risk assessment methods and scope, their test plan and its execution. Their supporting documentation and conclusions were right on the mark and PWC relied 100% on their work, saving us a significant amount of time and money."

Create synergies and use your SOX tests and apply these tests to other areas where technology audit assurances are needed. Internet Vulnerability and Network access control tests, needed for the SOX entity level IT General Controls, can also satisfy your GLBA or HIPAA privacy requirements. Leverage your IT risk assessment by identifying all the areas that share a single business risk.

FDC Associates' extensive use of automated auditing tools, and the knowledge of which tool to apply, enable us to quickly and accurately observe the implementation and functionality of technology controls to provide you with solid documentation and actionable information for exact remediation efforts.

We can provide your firm with the technology audit services you need on a 'Turn-key' or 'ad-hoc' basis, utilizing your staff whenever possible to reduce your auditing costs. We specialize in:

Internet Penetration Testing

Network Security and Vulnerability Reviews

Server and Database Security Reviews

Active Directory and Application Security Reviews

Service Provider and User Control Considerations

Sarbanes-Oxley Technology Reviews

IT General Control Reviews

Our credentialed staff has provided these specialized services for over 500 clients across the United States and over 30 countries abroad. From expert risk assessments to field work, testing and understandable independent reports, we get it done. For more information on how FDC Associates can your IT Audit and Governance Solutions provider, complete an Information Request or Contact Us.