• Document client General Information Technology processes and controls (GITCs).
• Relevant GITCs include:
• IT Application, Infrastructure, Operating System change management
• Privileged Access at the Application, Database, and Operating System levels
• IT Segregation of Duties
• Access Provisioning / Deprovisioning
• Application user access reviews
• Application segregation of duties
• SOC 1 report review and documentation
• Understanding and testing completeness and accuracy of system-generated reports used in the
performance of controls.
• Understanding and testing ERP application controls
• Critical analysis of operational and IT controls and other risk management activities
• Provide innovative and creative ideas to formulate risk-based audit approaches.
• Perform tests of client IT controls to determine the operating effectiveness of these controls and
communicate testing results and conclusions.
• Prepare documentation and communication regarding the status of projects to clients.
Work closely with client personnel to assist with improvement and efficiency opportunities