Aligning the needs of the information technology (IT) department with the company’s regulatory compliance requirements is the most important aspect of audit readiness. However, in order to maintain independence, some internal and external audit functions have been less than helpful when it comes to assisting technology managers with audit and documentation requirements prior to the audit.
fyoozhen+Consulting offers a wide array of services to assist, educate and enable IT departments in their readiness and remediation efforts. Our understanding of information technology management and audit requirements allow us to deliver very specific and meaningful solutions.
Information Technology Audit Readiness and Advisory Services
Regulatory Compliance Advisory Services for Information Technology
Audit requirements are never a reason to redefine the operational framework of an entire information technology function and technology managers should think twice before implementing such drastic steps for the purpose of audit. While most established information technology departments have implemented business processes as a part of their ongoing operational standard, the quality of the documentation was not sufficient to survive the scrutiny of internal or external audit requirements.
fyoozhen+Consulting assists IT departments with defining and implementing appropriate levels of controls and evidentiary documentation that complements the current operational processes – not replaces it. We advise technology managers on control and narrative documentation and deliver a targeted, specific and well defined operational framework in support of continual maintenance for audit.
Technology Business Process Engineering and Review
Approximately one-fourth of a Sarbanes-Oxley information technology audit relies on evidence generated from people participating in a process. Many times information technology departments over-think these processes, believing quantity of documentation is the key to a successful audit.
fyoozhen+Consulting believes targeted and precise information resulting from the executed business process is the key to a successful IT audit. We consult with technology departments to identify their current process, align the process with the appropriate departmental control and strategically design the resulting evidence insuring little room for misinterpretation from internal or external auditors.
Information Technology Department Advocacy (Internal and External Audit)
fyoozhen+Consulting believes in the importance of advocacy. We educate your internal and external auditors to ensure that they have a complete understanding of the controls that were implemented, the processes that were engineered in support of those controls and the purpose/meaning of the evidentiary documentation prior to the next audit cycle.
We also make ourselves available during the audit cycle to ensure the IT department has an advocate that is fluent in the languages of technology and audit, thus able to navigate complicated and sometimes convoluted testing results and remediation requests – with the intent of preserving the operational framework of the IT department.
Information Technology Internal Audit Services
Information Technology Internal Assessment
fyoozhen+Consulting offers internal audit assessment services for companies whose internal audit teams require assistance or for companies without an independent internal audit function. Because of the unprecedented levels of efficiencies we have designed into our internal audit process, our cost structure is not hourly, but fee based.*
fyoozhen has developed proprietary software – fyoozhenSoftware’s Core Edition** - to deliver to our clients an IT audit of exceptional quality, on an accelerated timeline, with little or no impact to the information technology staff.
Information Technology Audit Framework Implementation and Review
fyoozhen+Consulting has extensive experience in IT audit framework implementations. Using the Control Objectives for Information Technology (CObIT) framework, we align the audit framework to the existing IT operational environment and deliver an audit plan consistent with published recommendations for audit readiness. fyoozhen+Consulting also reviews a company’s current audit framework to identify weaknesses in the control or testing documentation and identify redundant controls and tests for a more efficient audit.
fyoozhen+Consulting meets with your external auditors to ensure that the audit framework meets their internal assessment requirements prior to the next audit cycle.
Multi-regulation Control Consolidation
Multiple regulatory requirements in an organization can create silos of control and audit information. fyoozhen+Consulting assists both the information technology and audit teams with identifying the overlapping controls and tests and developing a single IT audit and operational framework in support of all of the regulatory requirements.
* Fee schedules are determined by the scope of the audit being performed. Fees do not include travel and expense incurred by audit professional in the course of performing the audit activities. Flat fee services are dependant upon implementation of fyoozhenSoftware’s Core Edition. All other consulting services are billed on a per hour basis.
** fyoozhenSoftware’s Core Edition is available exclusively to fyoozhen+Consulting, Inc. internal audit clients only and is not available for resale.