IT controls and compliance

What threats are we at risk from? And how well prepared are we if the worst happens? 

These questions are increasingly being asked of businesses. IT leaders, internal audit teams and risk functions face growing expectations about the extent and quality of the assurance they can provide that these risks are mitigated and prepared for.

Whatever your industry, you will have to meet specific compliance and regulatory requirements. Your obligations could be to your: 

  • shareholders;
  • board of directors;
  • audit committee;
  • industry regulator;
  • customers;
  • wider supply chain; and
  • business partners.

Meeting the expectations and standards required by your many stakeholders can be challenging. We can help you understand these requirements and embed a controls culture, with engagement from everyone from board level to individual control owners. We work with you to design, implement and evidence the ongoing effective operation of your IT and application controls against frameworks including:

  • Sarbanes-Oxley (SOX) and the proposed UK equivalent (UK SOX);
  • Center for Internet Security Critical Security Controls (CIS 18);
  • Control Objectives for Information and Related Technologies (COBIT);
  • National Institute of Standards and Technology (NIST) frameworks;
  • NIS (Network and Information Systems) Regulations; 
  • ISO/IEC 27001 (Information Security Management Systems);
  • Payment Card Industry Data Security Standard (PCI DSS); and
  • Information Technology Infrastructure Library (ITIL).

On 18 March 2021 the UK Government (BEIS) published its long-awaited consultation on reforms aimed at ‘restoring trust in audit and corporate governance’. The consultation includes a proposal that the UK should adopt a strengthened internal controls regime, similar to US SOX, under which directors would attest to the effectiveness of internal controls over financial reporting. If you are a company with a significant public interest (a Public Interest Entity, or PIE), it is time to start reviewing your IT controls in light of a potential UK SOX.

Could you benefit?

Designing, implementing, and evidencing the effective operation of robust controls is the foundation of a successful organisation.

See the big picture and focus your efforts on proactively managing the key risks before they occur.

Obtain the assurances your stakeholders need and meet the evolving regulatory and compliance requirements.

Improve the organisation through control and process insights, while also reducing control compliance costs.

Our approach

We help our clients in three areas:

  • Understanding your risks – We can help you to understand and prioritise your technology risk landscape, so that time and effort are spent on addressing the organisation’s most pressing risks.
  • Developing and embedding your control framework – We can help you work with your stakeholders to design and embed effective controls and align the assurance approach. This includes agreeing the standards that need to be met, leveraging automation wherever possible, and selecting the most appropriate control framework(s) to achieve this.
  • Testing your controls and providing assurance – We independently evaluate the design and implementation of the controls and test the evidence of their operating effectiveness. We help provide assurance to stakeholders, typically in a report prepared with you, following a ‘no surprises’ approach.

For more information about IT controls and compliance please contact Steven Snaith, Sheila Pancholi, or Paul O’Leary.