Outsourced IT Audit Case Study

For years, a large financial institution had been using internal resources to perform IT audit functions. This was an ideal arrangement for some time until the environment became so complex with multiple systems, network architectures, and security controls that it became impractical to maintain enough internal expertise to effectively perform the required audits.

The institution contacted TrustCC about engaging with them on a co-sourcing or out-sourcing arrangement to help them manage their constantly increasing audit scope. An agreement was reached and we went to work.

Weeks were spent analyzing the organization’s audit program and procedures and it was mutually determined that the best approach would be to rebuild their audit program from the ground up using a risk based approach. The organization was also required to perform Sarbanes-Oxley testing so the audit program would have to integrate the standard audit requirements with the complex reporting requirements of SOX as well as the requirements from the organization’s external audit firm.

Because TrustCC personnel maintain expertise in a wide array of technologies including Microsoft, Cisco, mainframe, and security we were able to reorganize the audit program to utilize this expertise and simultaneously reduce the organization’s overhead with regards to IT audit, develop a more in-depth audit program meeting all of the requirements of their audit department and financial institution regulations, and through an intricate cross-reference system, eliminate audit redundancy. The organization continues to outsource to TrustCC today and because of the expertise provided, the stream-lined audit procedures are less demanding on the IT department and the once strained relationship between IT and the audit department has been restored to a healthy working environment.