TDI advised the Export-Import Bank of the U.S. on their architecture & practices for SAS 70 compliance and a better cybersecurity posture.
For the Export-Import Bank (the Bank), TDI helped performed a Design & Implementation Assessment of the IT General Controls over the core financial applications (F&A). In prior years, the Bank had relied on a SAS70 report performed on the service entity that hosted the production F&A environment and subsequently delivered it to the external auditor as part of the annual financial statement audit. As a result of bringing F&A in-house, the Bank sought assistance in understanding the audit implications of hosting the F&A internally. After the initial task of defining and assessing key controls that had previously been managed by the service entity, TDI mapped the applicable control domains from management interviews, the service audit report, SAS70s from similar hosting facilities of financial institutions, and the Bank’s process narratives. Once the key control domains and controls had been approved by management, TDI assessed the Design & Implementation by interviewing management and performing a ‘test of one’ to identify observations in the F&A production environment. Our report was used to guide the efforts of the internal IT audit contractors and prioritize remediation efforts.
Organizations today face a variety of demands for internal audits — including new laws and regulations, competitive pressure and technological change. TDI has the technical skills and industry knowledge to help our clients develop and improve internal audit functions with quality, efficiency and effectiveness. Our services include instituting risk-based IT audit strategies; performing IT audit projects; and providing ongoing expertise through co-sourcing arrangements. Our methodology can produce significant, measurable impacts on the cost effectiveness of the IT audit function and its value to our clients’ internal control and corporate governance.