System Implementation & System Access Controls Assurance Services
Proactively Manage Project Risk
Major system upgrades, implementations, and system access controls affect all aspects of your business, not just information technology. These projects are non-trivial, costly, and represent a material change to your system of internal control. Sound internal and system access controls are used to prevent fraud, financial misuse, and safeguard information assets.
Cherry Bekaert’s System Implementation and System Access Controls Assurance services help you achieve project objectives by identifying and managing key risks that could jeopardize the achievement of your organization’s desired outcomes.
Developed by our experienced IT governance and project management practitioners, our implementation assurance services independently assess your project at any point in the systems life cycle, including pre or post implementation, to help you manage project risk and realize benefits including the potential to:
- Improve the ability to meet operational, financial, and compliance objectives;
- Create efficiencies (including cost savings) in managing the business;
- Effectively safeguard shareholder/taxpayer assets and demonstrate sound financial stewardship; and
- Manage fraud risk and information asset risks such as unauthorized disclosure of PII and PHI, intellectual property and trade secrets.
However, a new system implementation is often not done in the ordinary course of business. This increases the chances of being blindsided by unseen or unmanaged risk, which can result in inefficiency, error and sometimes fraudulent activity until the control environment matures on the new system. It is estimated that:
- Only 39% of all projects are considered “successful”;
- More than 43% experience delays; and
- Approximately 60% experience significant cost overruns.
In our experience, implementation projects and immature system access monitoring controls can increase your exposure to activity level and enterprise level risk areas related to regulatory reporting, information security and operational capability.
Cherry Bekaert’s Risk & Accounting Advisory Services (“RAAS”) practice is comprised of business, finance, operational and information technology control and cybersecurity specialists. We provide partner and managerlevel personnel who possess the financial security/privacy and systems implementation experience required to assess an organization’s system implementation and system access control strategy, system design, execution plan, and consideration of internal controls.
Using an agreed upon framework (such as Control Objectives for Information and Related Technology or COBIT), we proactively help you manage project risk by monitoring the progression of your implementation timeline to ensure management has a clear picture of the project’s status up to and through system go-live.
Using our system implementation and system access control assurance methodology, we help our clients in the following areas:
- System Requirements Gathering & Analysis
- Technology and Vendor Selection
- RFP & Vendor Contract Review
- Pre & Post Implementation Reviews
- Independent Verification & Validation (IV & V)
- Internal Control Gap Assessment
- Segregation of Duties & System Access Controls Review
- Activity level and fraud risk assessments
- Internal control assessment of design and operating effectiveness
- Tools, templates and scripts needed to cleanup and sustain anti-fraud and system access controls over time
Comfort Over Internal Controls
Implementing new information systems can significantly affect your organization’s business processes, internal controls, and resulting risk exposure. A complementary part of our system implementation assurance methodology focuses on evaluating the design of internal controls addressing key risks to your business. We make sure expected controls are in place, and we assess your controls against an agreed upon maturity model to give you comfort that financial, operational and compliance risks are aligned with your organization’s risk appetite.
We serve as trusted advisors providing guidance to help you avoid being blindsided by unseen or unmanaged risk. With the help of Cherry Bekaert, you can gain comfort that your team has a clear picture of the progression of your project which drastically increases the likelihood of a successful implementation and system access controls.