IT Risks and Controls Review Report

Subscriber Content
Screenshot of the first page of IT Risks and Controls Review Report

The objective of this audit report is to reduce volume of controls to focus on key risks and associated controls, improve consistency of controls across application, infrastructure and IT processes, and clarify control ownership as needed. This report includes a process overview, risk review, criteria for control changes, key control review, key IT risks, summary of rationalized risks, reduction of controls by risk, a list of control by risk, and next steps.

The following primary opportunities for improvement were identified and documented in this report:

  • Many controls had similar wording and thoughts but were inconsistent from entity area to entity area.
  • Many controls were listed as “key” for multiple areas when those areas were dependent on another process.
  • Good business practices were often included as controls.
  • Controls were identified as “key” but fell below the corporate guidance for dollar threshold.

Topics
Audit Reporting
IT Audit
Segregation of Duties
Sarbanes-Oxley Act
IT Controls
Internal Controls
IT Risk

Related Resources

Checklists & Questionnaires

IT Risks and Controls SOX Compliance Questionnaire

Audit Reports

Segregation of Duties Review Report

Newsletters

Technology Risks and Controls: What You Need to Know

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It