Application Controls Advisory




If your organization is reengineering its business processes through client/server application suites such as Oracle Financials, PeopleSoft, or JD Edwards, or simply wants to fine-tune the automated controls embedded in its existing business consider our Application Control Advisory services. 

We can help you identify, document and test the effectiveness of your controls, maximize efficiencies and minimize IT risks. Our approach is process-driven and generally includes reviewing the automated and manual processes along with the supporting applications. 

We have a risk-based methodology and tools that make our process effective and efficient. Our Application Controls Advisory Services typically include the following components, yet these can be scoped independently:

  • Process and Configuration Review – Evaluate manual and automated controls including the review of system settings and configurations embedded in the process.
  • Application Security – Analyze segregation of duties through the system and your organizational requirements.  Evaluation of restricted and privileged access. 
  • Infrastructure Security  – Review security over the logical access path supporting the significant applications, including operating system security, program change, availability and computer operations.

These services can be performed in the following format:

Pre-Implementation

Prior to rolling out a new application, we can help you anticipate control deficiencies and prevent embarrassing and often costly control gaps. We identify issues and provide you with solutions that can be incorporated in the overall design of controls.

You will benefit from having identified policies, configurations and security issues (i.e., segregation of duties) that need to be in place prior to going live. You, your auditors, audit committee, users and other stakeholders will benefit from having an independent third party evaluate whether the combination of automated and manual controls provide you with a sound control environment.

Post-Implementation

Our Application Controls Advisory Services can also be used post-implementation as a way to validate the control configurations, security and segregation of duties. After the implementation of new systems, companies often discover that controls they used to rely upon are no longer present or that they suffer from redundancy and inefficiency within a business process. We evaluate the balance between manual and automated controls. We provide you with findings and recommendations to help you correct unwanted control gaps, as well as discover opportunities for efficiency.