Skip to main content
Group 2 Created with Sketch.
Mann am Laptop
Group 2 Created with Sketch.
Risk Advisory Services (RAS)

Implementation and testing of IT Control Systems

Ensuring IT-Compliance through effective ITGC and ITAC

Our IT control system implementation and testing services provide you with comprehensive assurance regarding the effectiveness and security of your IT processes. We focus on IT General Controls (ITGC) and IT Application Controls (ITAC) to ensure that your IT systems are properly controlled and protected. We look at the main ITGC areas such as user access management, change management and operations. We also pay particular attention to ITAC, i.e. automated controls in ERP systems, as well as the documents provided by your company (IPE - Information Provided by Entity and IUC - Information Used in Controls).

Our aim is to guarantee the integrity and security of your IT processes and to ensure compliance with legal requirements such as the Sarbanes-Oxley Act (SOX). These requirements set high standards for internal controls and IT systems, which we consider in our audits to ensure your company's compliance. SOX compliance is particularly important as it creates investor confidence and ensures the reliability of financial reporting. Failure to comply with SOX can lead to heavy penalties and reputational damage.

These requirements set high standards for internal controls and IT systems, which we consider in our audits to ensure your company's compliance.

Types of IT-Controls

Our IT control system services include various types of controls that are specifically tailored to your company's requirements:

  • IT General Controls (ITGC): These controls are essential for the general IT infrastructure. They generally include:
    • User Access Management: Ensuring that only authorized persons have access to systems and data to prevent unauthorized access and protect the integrity of the data.
    • Change Management: Control all changes to IT systems to ensure that all modifications are properly authorized, documented and tested before they are implemented.
    • Operations: Ensuring the continuous operational readiness and integrity of IT systems through measures such as data backup, system monitoring and incident management.
  • IT Application Controls (ITAC): These automated controls relate to ERP systems and other business-critical applications. They ensure that all transactions and processes are processed correctly, and that data integrity is guaranteed. We pay particular attention to the interfaces between the applications to ensure that the integrity of the transferred data is always guaranteed.
  • IPE (Information Provided by Entity) and IUC (Information Used in Controls): We check the quality and availability of the information used in the IT controls to ensure that the data provided and used is reliable and correct. This also includes checking the data flows via interfaces to ensure that the integrity and completeness of the data remains guaranteed in all systems.
  • Interface audit: Checking the completeness and appropriateness of all interfaces between ERP systems and other IT components. This check ensures that data transfers are correct, complete and secure to minimize risks from incorrect or incomplete data transfers.

Why are the implementation and audit of IT-Control Systems important?

Effective implementation and testing of IT control systems are essential to ensure the security and reliability of your IT infrastructure. These systems minimize risks and ensure compliance with legal regulations.

Gear, Outside 6 points: Completeness & appropriateness, risk minimisation, efficiency improvement & error minimisation, data integrity & security, business continuity, trust & transparency

What does the introduction and audit of an IT-Control System entail?

  • IT General Controls (ITGC)
    ITGC are fundamental controls that ensure the secure and effective functioning of your IT infrastructure. Our audit includes:
    • User Access Management: Check whether access to systems is properly managed and whether the role and authorization structures meet security and compliance requirements.
    • Change Management: Evaluate the processes for managing changes to IT systems to ensure that all modifications are controlled and documented.
    • Operations: Analysis of processes to ensure the continuous operational readiness of the systems, including data backup strategies and monitoring.
  • IT Application Controls (ITAC)
    ITAC refers to the automated controls within ERP systems and other business-critical applications. We test whether these controls are working properly and processing data correctly to minimize risks such as incorrect postings or inaccurate reports. A particular focus is on testing the interfaces between these applications to ensure that data integrity is maintained.
  • IPE and IUC – quality of the Information Provided and Used
    We check the quality of the information used in the IT controls (IPE and IUC) to ensure that this data is accurate, complete and available. This is crucial to ensure that all controls are based on reliable data, especially when it comes to data that is exchanged across different systems.
  • Interface Audit – Completeness of data transfers
    We check the completeness and appropriateness of all interfaces between ERP systems and other IT components to ensure that the data transfer is correct, complete and secure. We also check the middleware used (if applicable) and the necessary access authorizations.

Process description

Our process description for the introduction and testing of IT control systems includes the following steps:

  • Initial risk analysis: Identification of the risks relevant to the audit and definition of the scope of the audit, including the assessment of relevant interfaces and their security measures.
  • Testing and data collection: Analysis of existing internal controls, including testing of interfaces and verification of the reliability of data from linked systems (IPE and IUC).
  • Evaluation of controls: Assess the effectiveness of implemented controls over security, availability and data integrity, with a particular focus on interface management and the proper processing of information to ensure that data transfers between systems are accurate.
  • Preparation of the audit report: Detailed report with confirmation of the effectiveness of the controls and recommendations for improvement.
  • Debriefing and recommendations: Discussion of the results with you and support in the implementation of the recommended measures, to optimize the interfaces between the systems.

Resources and Flyer

More information about TIC Council Compliance Code Audits.

FAQs

What are IT General Controls (ITGC)?

ITGCs are general IT controls that ensure that a company's IT infrastructure functions securely and efficiently. They cover areas such as user access management, change management and operations.

What are IT Application Controls (ITAC)?

IT Application Controls are automated controls in ERP systems and other applications that ensure that transactions are processed correctly, and data integrity is guaranteed.

Why are IT Control Systems important?

IT control systems are critical to ensure the security, integrity and availability of IT processes and to ensure regulatory compliance.

How does the audit process for IT controls work?

The audit process includes the planning, testing and reporting phases in which the systems are analyzed, tested and documented to ensure that all IT controls are properly implemented.

What is IPE and IUC?

IPE (Information Provided by Entity) and IUC (Information Used in Controls) are information provided by organizations and used in IT controls. Their quality is critical to the effectiveness of the controls.

Our Experts

Learn more about our services in the field of ‘IT Control Systems’ and feel free to reach out to our Expertsfor a non-binding consultation.

Contact us for more information on IT control systems

You may also be interested in