What do IT General Controls (ITGC) and SOX compliance readiness bring to mind? Does your company treat IT General Controls as a project or process?
The Problem of Pop-Up SOX Compliance Projects
Many enterprises and newly-listed companies move quickly with unexpected ITGC and SOX compliance projects to meet emerging requirements. After heavy IT interventions, costly multi-stakeholder coordination, and trial-and-error bottlenecks, an internal IT audit is finally complete, the auditor’s opinion on internal control over financial reporting is gained and the compliance project is temporarily gone. CFOs, Compliance Officers, and management teams must realize that SOX compliance is not a project that is long forgotten after the audit period but an ongoing business process, one that is in urgent need of a 21st Century digitization. Legacy internal IT audit processes need to be modernized. Too long has the complexity of internal IT audits been allowed to go unchallenged. If the aim of IT risk management is to ensure that enterprise IT infrastructure remains an asset instead of a liability, then challenging IT audit inefficiency should be standard practice.
Allow us to illustrate the point with two brief anecdotes
Case 1: picture the screen
Before founding AudITech in partnership with the VAT IT Group, we worked with Big 4 consultants, advising global enterprises on IT risk management. We found ourselves talking with IT teams for hours, wasting their time, taking endless and often irrelevant screenshots of IT system backup settings. After all, you have to leave an audit trail, right? Many of the IT system settings we took screenshots of could and often did, change soon after, rendering most of the process almost redundant – redundancy that eventually heavily impacted cost-efficiency.
Case 2: ‘Whatever you say, .doc’
Working with external auditors, we witnessed so many ITGC evidence documents requested in order to close perceived compliance gaps that in most cases simply weren’t relevant or valid. As auditors usually take samples of the audited population and do not examine the population as a whole, so that many risks stay under the surface. The same risks that ITGCs are supposed to monitor.
Don’t Blame the Player, Blame the Game
Let’s get one thing straight – we’ve worked with some inspiring, intelligent, and highly competent people. The compliance industry and the companies it works with are full of talent. The problem of IT audit and ITGCs complexity isn’t the people involved, the auditors, or the in-house audit stakeholders they work with. The problem is a collective lack of insight about new, digital possibilities in this space, and sticking to old habits, financial year after financial year. Too many enterprises and newly-listed companies force their organization to work for the audit instead of innovating digitally so that the audit works for them.
It’s time for IT audits and SOX compliance readiness to go digital.
Digital IT Audit Automation Is Here. Now Is the Time for Industry Adoption
When introducing ITGC automation to Big 4 clients, it became obvious that compliance stakeholders – both external and internal – just wish there was a simple technological solution that would ease off the work and reduce the pain involved in SOX readiness. We’re reaching a moment in our industry in which manual work can become a real burden, slowing companies down, making organizations less efficient, and as a consequence – less competitive.
What does it mean to ‘go digital’ with ITGCs and SOX readiness? It means that all your in-scope IT systems are audited automatically using out-of-the-box integrations. It means pivoting from manual, complex system-by-system ITGCs monitoring, countless email exchanges, and endless screenshot evidence collection, to IT General Controls automation tools with minimal human interventions. Instead of forensically examining each IT asset individually, it’s now possible to integrate all IT systems into a single platform and achieve continuous controls monitoring.
No more IT interventions
One of the biggest challenges of a successful IT audit is getting the expertise and access. A single IT audit can involve countless people working with the IT department that holds the keys to all company IT assets. When you automate and digitize IT audits through a SaaS platform, complex collaboration and access roadblocks give way to seamless A-to-B straight-line audits owned and managed within a single source of truth, allowing your time-to-audit is cut by weeks.
No more granular pop-up compliance projects
Digitizing ITGC monitoring and internal IT audits through automation will bring an end to pop-up SOX compliance projects designed with urgency in the heat of the moment. Instead of one-time compliance missions involving numerous stakeholders, enterprises and newly-listed companies can create live, ongoing compliance processes of continuous and effortless ITGCs monitoring. The net benefit, in the long run, will be faster time-to-compliance year after year, with decreasing cost, risk, and investment.
AudITech Has Made IT Audits Smarter, Simpler, and Valuable
Take the first step towards ITGC digitalization. Ask us for an AudITech demo and we’ll show you how to complete certifiable IT audits in minutes, with complete, auditor-recognized documentation provision. Speak to us about your current ITGCs monitoring process and SOX compliance. If you’re unsure how ready your ITGCs are and what you need to do, we’ll guide you through it and show you how to establish a clear set of internal IT general controls.