Controls execution and documentation
Our skilled team will take care of end-to-end execution of controls including data extraction, notification for review and approvals, summary of outcome and complete documentation. Our offshore-nearshore model ensures cost savings for clients and oversight is provided by managers who come from Big Four backgrounds to ensure top-class quality output.
An example use-case for controls execution: Segregation of Duties quarterly review
Agree controls timetable
We agree an annual controls timetable with the client controls/compliance teams to ensure alignment on critical audit dates. For example: SOX control requirements for IT General Controls frequently expect Segregation of Duties access reviews every quarter.
Execute control activity
The key activities required for the control are executed by our team. For example: we extract the Segregation of Duties reports from the required GRC system and format the same, as required by the customer.
Provide evidence to control owners
As per control design, we provide the output to the control owners to make a decision, as required by the control. For example: the Segregation of Duties reports are shared with the Global Process Owners for review and comment re: access removal or description of mitigating controls.
Controls documentation
Audit evidence, in the form of IPEs (Information provided by the Entity) or controls documentation as per client requirements is created and shared for review by our skilled team. For example: a step-by-step IPE for the quarterly SOD review process is produced and shared for review.
Support auditor reviews
With our experienced staff, we support the controls owners during the internal or external audit reviews of the controls. For example: If the auditor has any questions about the Segregation of Duties report or evidence, we provided a detailed analysis to ensure audit queries are answered and the correct outcome is achieved.