IT Risks and Controls Review Report

Subscriber Content
Screenshot of the first page of IT Risks and Controls Review Report
Protecting Information Assets

The objective of this audit report is to reduce volume of controls to focus on key risks and associated controls, improve consistency of controls across application, infrastructure and IT processes, and clarify control ownership as needed. This report includes a process overview, risk review, criteria for control changes, key control review, key IT risks, summary of rationalized risks, reduction of controls by risk, a list of control by risk, and next steps.

The following primary opportunities for improvement were identified and documented in this report:

  • Many controls had similar wording and thoughts but were inconsistent from entity area to entity area.
  • Many controls were listed as “key” for multiple areas when those areas were dependent on another process.
  • Good business practices were often included as controls.
  • Controls were identified as “key” but fell below the corporate guidance for dollar threshold.

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.