A not-for-profit had recently seen many changes to its global IT environment, including the introduction of new systems and applications. The not-for-profit had limited IT audit resources and needed assistance with mitigating risks to its IT systems and data, as well as with developing plans for implementing leading practices around its IT function.
The not-for-profit engaged Baker Tilly to perform an audit of IT general controls and application controls for both cloud-based and hosted applications. The scope of our IT general controls review spanned diverse IT areas, including information security, logical and physical access controls, IT governance and planning, compliance, change and configuration management, vendor management, systems operations and distributed processing. Our application controls review included 10 major business applications, including both cloud and on-premises managed solutions. As part of the engagement, our team took an inventory of all existing controls and validated their operating effectiveness. We also documented and presented our observations, noted opportunities for improvement, and provided recommendations to internal audit and IT process owners.
The organization received practical recommendations based on industry leading practices to improve the design and operating effectiveness of IT general and application controls in a written report. The organizations plans to use our recommendations to drive their IT planning and budget process, in order to overcome identified challenges, implement necessary leading practices, and enable their IT department to more effectively support achievement of the organization’s overall goals and objectives.
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.