Retail Sector Client
eSunLinc was involved in defining and executing the IT SoX Compliance program, which included documentation, testing, remediation of control gaps and retesting. Compliance testing covered IT General Controls (ITGC), Operating System (OS) Controls and Application Controls. Our consultants also tested various applications that impacted financials, as well as the interface controls between those applications.
After initial testing, our consultants reviewed the control gaps with IT and various business process teams in SoX committee meetings and helped them in the remediation process. Remediation involved addressing gaps in the process, people and technology areas. We helped the client develop IT policy and procedures, select a software tool for incident and problem management, and develop an IT Security awareness program.
Warehousing and Logistics Client
For this client, eSunLinc helped with SoX Year 1 Change Management and Software Development Life Cycle (SDLC) testing. Testing involved reviewing the existing change management process, making inquiries of Project Management and various IT teams about SDLC and change management, testing, documenting the results, and finally reviewing the audit findings with the CIO and IT Directors and providing them with a remediation road map.
The Year 1 SoX project involved defining the client's audit program and test procedures based on COBIT and other good practices for Change Management, Logical Access, IS Operations, Entity Controls, AS400 and Windows Controls, and Application Controls. After the initial definition of controls and testing procedures, we were heavily involved in SoX testing and remediation. Findings were reviewed in SoX committee meetings, and we also helped the client create a remediation plan. After IT remediated the control gaps, we retested the controls for operating effectiveness.
The lessons learnt from Year 1 were used to redefine the Year 2 IT audit program. The objective was to reduce the time and expense spent on IT SoX testing. We developed a risk-based approach rather than a “test all” approach and identified areas where risk and financial impact were high. Using the risk-based approach, we redefined the controls required for IT SoX by grouping similar business processes, which in turn reduced sampling and testing time significantly. This helped the client reduce the head count by 50%; in turn, we went from a 4-member team to 2. The risk-based approach also helped us align IT SoX testing better with various business processes and drove the emphasis toward critical areas that impact financials.
Disaster Recovery and Firewall Audits
For a hospitality client, we reviewed their Disaster Recovery and Firewall Programs. This audit review included scoping the work, developing an audit plan, testing the controls and documenting gaps. An audit report was prepared with the findings, risks and recommendations.
eSunLinc helped one of its clients develop an elaborate web portal for the African entertainment industry. The project involved understanding the needs of the client, scoping the work, managing the project with a team of web designers and developers overseas, and completing the project in a timely manner and under budget.