|Vies Consulting provides wide array of services related to internal audit department of your company. Our effective risk assessments and executions ensure the complete coordination of audit, risk management, compliance, and process quality initiatives. Vies helps you improve existing business processes with appropriate recommendations and solutions. We provide independent and unbiased advice on your business risk management. We follow practices suggested by the Institute of Internal Auditors (IIA) and are proficient at :
We have the breadth and depth of skilled Internal Audit professionals to meet the needs of most organizations. Strategic internal audit partnering that provides flexible world-class solutions tailored to your specific business and technology audit needs. We ensure effective co-ordination for working effectively with senior management, internal audit executives and audit committees.
- Preparing annual enterprise risk assessments;
- Planning and scheduling audits;
- Performing audits and reporting audit results; and
- Presenting findings to Executive Management and Audit Committees.
We implement a "Risk Based" internal audit approach through
SERVICE DELIVERY MODELS
- Defining In-Scope Areas
- Process understanding
- Financial, Operational and Compliance Risk Assessment
- Control Gap Assessment
- Assisting the management in implementing a cost effective remediation plan
- Re-assessing the remediation for effective implementation
- Process Re-engineering & Implementation
We can assist management by complete outsourcing and co-sourcing models for assistance in the internal audit.
Vies can provide with tailor made solutions to accelerate the establishment of an Internal Audit function or strengthening an existing Internal Audit capability. We can perform an end to end internal audit function for your organization.
- Co-sourcing and Specialized Resource Enhancement
Certain areas of internal auditing require high level of technical and expert resources for accomplishing the task. Also for many midsize entities, hiring and motivating specialized resources in-house is nearly impossible. Vies can partner with you to provide access to specialists at rates that are competitive with in-house resources. Vies offers a flexible approach to integrating our audit professionals with your Internal Audit team.
Business is today more than ever dependent on technology to make it successful. With the increased dependence on Information Technology (IT) confidentiality, integrity, availability and reliability of systems have become an integral part of the business. Any compromise on these dependent drivers can result in loss of important business information. IT auditing helps a company understand the key technology risks and how well the company is mitigating and controlling those risks. IT audit also provides insight into the threats inherent in today’s highly complex technologies. Furthermore, a company’s information technology system and environment are subject to increasing regulatory and compliance requirements. A company’s IT audit function can play a key role in a wide array of compliance responsibilities.
We can work in association with your existing IT audit function to build, execute and monitor a risk-based IT audit plan. We can also independently handle the IT audit function for your organization. These services help management better understand and assess the performance of the IT function as well as ensure that the proper levels of controls are placed in IT initiatives. Our methodology is based upon COSO and COBIT frameworks to facilitate an overall IT audit management team with execution of individual projects by experts in each IT audit area.
IT General Controls Review
General controls apply to all areas of the organization. These include policies and practices established by management to provide reasonable assurance that specific IT objectives will be achieved. The control procedures include:
- Internal accounting controls, primarily directed at accounting operations that concern the safeguarding of the assets and the reliability of financial records.
- Operational controls related to the day-to-day operations, functions and activities, and that ensure the operation is meeting its business objectives.
- Controls are maintained over the change management process from initiation, developing, quality assurance and implementation of changes for data, application and network. Ensuring adequate segregation of duties is maintained for change management.
- Review of SDLC projects for initiation, approval, development, QA, UAT and implementation of the projects.
- Administrative controls support the operational controls specifically concerned with operating efficiency and adherence to organizational policies:
- Organizationally sound, logical security policies and procedures to ensure proper authorization of transactions and activities.
- Overall policies for the design and use of adequate documents and records to help ensure proper recording of transactions and audit trails.
- Procedures and features to ensure adequate safeguards over access to and use of assets and facilities.
- Physical security policies for all data centres
Application controls refer to the transactions and data relating to each computer-based application system, and therefore, they are specific to each. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and accuracy of the records and the validity of the entries made therein resulting from both manual and programmed processing. Application controls are controls over input, processing and output functions. Application controls include methods for ensuring that:
Our approach to application reviews involves obtaining a detailed understanding of the business process and the underlying application systems. Our team of consultant's help our clients understand business process risks and map these to existing application level configuration, security, and programmed controls. These controls may consist of edit tests, totals, reconciliations and identification and reporting of incorrect, missing or exception data.
- Only complete, accurate and valid data are entered and updated in a computer system.
- Processing accomplishes the correct task.
- Processing results meet expectations.
- Data are maintained.
Technology Risk Assessment
Managing complexities of Information Technology (IT) is a major challenge faced by businesses. The convenience of using IT system springs in risks like compromise of security, data and other important business information.
We advise and assist in identifying threats, vulnerabilities and risks to these information assets through a detailed threat and risk assessment exercise. We also identify the controls and associated risks that could affect your ability to rely on your IT processes. We use the report card approach for grading the IT risks facing your company - and, like any report card, showing areas for improvement.
Sarbanes-Oxley IT Compliance
Our Sarbanes-Oxley IT Compliance Services provide clients with the required documentation, review, remediation and testing required for Sarbanes-Oxley (SOX) compliance. We help in testing for compliance for requirements of Section 404 of the Sarbanes Oxley Act.
We provide services for assessment, testing, reporting and ongoing monitoring to help clients evaluate and document the effectiveness of their internal control processes. Our IT General Controls testing methodology is deployed for testing and assessment of the IT compliance for Sarbanes Oxley Act.
SAS 70 Support
The outsourcing of processes for data processing and other IT services has now become a necessity for organizations. The convenience of outsourcing however creates a risk of loss of control over the process and transactions. For ensuring the controls for processing of important financial information are maintained by the service providers must demonstrate they have adequate controls and safeguards in place. The Statement on Auditing Standards 70 (SAS 70) audit, conducted by an independent third party, provides just this assurance.
Sarbanes-Oxley compliance requirements make a SAS 70 audit even more important in reporting on effective internal controls. We provide the expertise and resources needed to complete for testing as well as implementation of the SAS 70.
|SOX provides the foundation for new corporate governance rules, regulations & standards issued by the Securities and Exchange Commission. It covers a range of provisions from criminal penalties to Corporate Board responsibilities. SOX also covers issues such as independent auditing requirements, corporate governance, internal control assessment, and enhanced financial disclosure.
Looking to reduce SOX compliance costs and effort? After more than 5 years of SOX compliance has been evolved steadily and our model for on-going SOX testing is designed with this in mind. We help internal departments through the peak periods of second, third and fourth quarter testing. Our approach incorporates low cost qualified SOX testing resources to reduce overall SOX compliance costs. In fact, you'll find our on-going sustainment costs to be among the lowest in the industry.
To enable the project to be focused and on-track, we provide leadership and coordination throughout our Sarbanes-Oxley assistance projects. We assist management in the following services related to Sarbanes Oxley compliance:
- SOX compliance [implementation & maintenance] as per requirements of Sarbanes Oxley Act including documentation at all levels
- Risk assessment and risk analysis of business processes. Study, review and implementation of operational and financial controls in view of requirement of Sarbanes & Oxley Act
- Process Mapping [Including SAP]
- Flowcharting [Top Level and Process Level]
- Narratives [description of the process]
- Risk Control Matrix [RCM]
- Risk Assessment [determining probability of occurrence of risk determining magnitude of impact of risk, risk rating]
- Process Walk Through and Control Walk Through
- Test of Design [TOD]
- Test of Operating Effectiveness [TOE]
- Control and Key Control Assessment
- Control Implementation
- Assessment of Remediation Measures for Control Design and Implementation
- Spread Sheet Control Assessment
- Documentation of Accounting Entries
- Financial Statement Assertions Assessment