Todd Herman Associates logo
Business Systems
Business Process Improvement
Data Analysis & Business Intelligence
What's New at Todd Herman and Associates
 
Our Organization Resource Center Site Map Contact Us GETINVOLVED!

Business Systems ›

 Contact us for Business Systems Information

Information Technology Review

Goal...

The overall objective of an Information Technology (IT) Review is to evaluate the controls over information technology that are in place, report on any weaknesses, and make recommendations for improvement.

Key Features...

  • A review of the existence, effectiveness, and adherence of IT controls, often using the CoBIT framework.
  • Assessment of the security of corporate data and assets through internal practices and independent external threat assessment and testing.
  • Financial evaluation of the utilization and return on IT investments.

Deliverables and Approach...

  • Provide report of current state and identified issues.
  • Prioritize key areas for improvement.
  • Recommend steps to address issues and resolve high risk issues quickly.
  • Meet with stakeholders and agree to specific corrective steps.

Plan

  • Determine scope, approach, and agreed-upon procedures with client.
  • Select appropriate framework for assessing the key Information Technology (IT) processes.
  • Obtain overview of the IT resources — including people, facilities, technology, application systems, and data — relevant to the project.

Identify

  • Interview appropriate management to assess both importance and risks of key IT processes and related control objectives.
  • Document findings in an Initial Risk Assessment matrix.
  • Identify high risk areas, and determine key controls to mitigate risks.
  • Discuss initial findings with management.

Test

  • Test the identified key controls — by reviewing logs, observing procedures, and selecting items for substantive testing — to ensure they are working as intended and able to detect material issues.
  • Assess whether responsibility and accountability are clear and effective.
  • Determine if compensating controls exist and are operating effectively.

Report

  • Summarize findings and recommendations from the review.
  • Develop final assessment report.
  • Present report to management and answer questions.

Implement

  • Elaborate, as needed, on the report recommendations to make them clear and practical to implement.
  • Review expanded recommendations with personnel responsible for implementation.
  • Offer on-site assistance and project management services.

Review

  • Conduct post-implementation review with users.
  • Resolve any remaining issues.

How we work with you...

IT Review projects are performed by a consultant — or a consultant team — who understands IT controls and practices in organizations. We have two levels of reviews, each of which can be tailored to suit the client's needs.

Our goal is to become a valued member of your team — working with your people and your business to help you accomplish your goal of an efficient and effective IT Review.

Results and Benefits...

Each client receives an independent assessment of their IT department — personnel, policies, and practices — which can include:

  • Recommendations for improvement.
  • Identification of training needs.
  • Analysis of IT spending effectiveness.
  • Evaluation of the security of corporate assets and data.

For Further Information...

To discuss whether this service could benefit your business, please call us at 336.297.4200 to schedule a no-obligation consultation.
Copyright
Todd Herman & Associates, PA

Our Services | Our Organization | Business Resource Center | Site Map | Contact Us