bridging the gap between technology and the people who use it

Sarbanes-Oxley Services

Are you looking to reduce IT SOX compliance costs and effort? SOX compliance has evolved steadily and AS-5 has changed how organizations should approach their compliance program. Our team will help the internal IT department develop a compliant control structure that meets SOX requirements without needless controls or unnecessary paperwork. The goal is to reduce your overall SOX compliance costs and provide your organization with the tools and expertise to become self sufficient at SOX compliance.


IT Risk Assessment
Identifying the correct scope of key IT controls is paramount to a successful compliance program. Many organizations skip the risk assessment or do not understand the impact it has on the overall compliance program. We will help you create a Risk Assessment that will ensure your compliance program is designed appropriately for your organization. We will also provide a framework that will enable you and your team to assess risk and document this important process.


IT Controls Documentation & Testing
Assessing and testing IT controls requires highly specialized and technical skills. Although many public companies have an Internal Audit capability, many lack the skills in-house to effectively document and test IT controls. We have the technical skills required to work with ERPs, databases, networks and websites as well as IT processes.


Controls Remediation
Correcting control design and operating effectiveness gaps often requires changing processes and/or implementing new technologies. To do so successfully, a change agent must understand how to gain acceptance by the organization for the change as well as know the many process and technology alternatives to consider.


During the SOX effort, we will identify, track and report any internal control deficiencies as well as their impact to financial reporting. We will coordinate any necessary remediation activities and help your team meet the control objectives. We will provide as much guidance on remediation as possible during the documentation and testing effort.


Contact Trevor & Associates.

Getting Results
A strong internal audit can be the difference between catching a security failure and spending weeks and months doing a forensic investigation of a breach. With this in mind, professional services firm Pricewaterhouse
read more ...
Organizations need to shield themselves from the rising threat of cyber-attacks and sophisticated sabotage directed at IT infrastructure, according to a report issued by security specialist McAfee and the Pacific Northwe
read more ...
It has become a cliche in information security: Compliance is not security. But there is still an unsettling amount of denial out there, based on a recent study from HIMSS Analytics and Kroll Advisory   Solutions.
read more ...
An OEM manufacturer was operating on an old revision of a mainstream ERP that they were planning on replacing in the near future. Over the years, the company had tried different access methodologies for this ERP, always
read more ...