Controls Advisor, LLC

 

Compliance Preparation and IT Audit

Planning, Liaison, Remediation, Testing, Certification

 

SSAE 16, PCI, HIPAA, GLBA, SOX, DRP, BCP, Penetration Testing, Internal IT Audit - Tampa, Miami, and Nationwide

 

 

Controls Advisor
FL
ph: (813) 644-2472

info@controlsadvisor.com


Audit & Certification Sub-Categories

Traditional Audits and Audit-READY certification cover a spectrum of IT-related controls expected by corporate management, regulatory agencies, and other outside parties.  Designations for each type of audit and sub-categories for certification include:

 

ITGC Information Technology General Controls

Review consists of an evaluation of general controls in an IT environment, including, but not necessarily limited to, IT Administration, Operations, Physical and Logical Security, and Management Oversight & Governance.

 

ITAD Information Technology Application Development

Reviews the application development and deployment/SDLC process and the effectiveness of application security controls.

 

ITPO Information Technology Project Oversight

Consists of monitoring, evaluation, and input throughout the life-cycle of IT projects, including review of project plans, milestones, change management, and appropriate reporting, while keeping the project in line with audit standards and expectations of outside parties.

 

ITRR Information Technology Regulatory Review

Consists of our ITGC and/or ITAD reviews, plus additional testing of controls required by regulatory agencies, depending on the audit client's specific industry. For example, healthcare, insurance, and pharmacy organizations will likely require additional controls mandated by HIPAA. Food, beverage, and pharmaceutical manufacturing clients are often reviewed by the FDA. Financial services and banking clients are regulated by GLBA privacy requirements and others. Publicly traded companies require controls that satisfy the Sarbanes-Oxley Act (SOX). We work to ensure the audit scope and certification include our testing of controls required by outside parties.

Copyright 2009 Controls Advisor. All rights reserved.
