IT Controls Audit

ITGC & ITAC assessments tailored for accounting and audit firms in Singapore

IT Controls Audit Services for Accounting Firms

As financial reporting increasingly relies on complex IT systems, accounting and audit firms require robust assurance over the technology that underpins their clients' financial data. FE Technology delivers specialised IT controls audit services covering both IT General Controls (ITGC) and IT Application Controls (ITAC), designed specifically to support the needs of accounting practices and external auditors operating in Singapore.

Our assessments evaluate controls across the IT systems that underpin your clients' financial reporting, including ERP platforms, accounting software, and bespoke business applications, ensuring that the integrity, confidentiality, and availability of financial data are maintained. Whether you are supporting statutory audits, addressing regulatory expectations from bodies such as the Accounting and Corporate Regulatory Authority (ACRA), or strengthening internal controls over financial reporting, our team provides the technical depth and audit rigour your organisation needs.

IT General Controls (ITGC)

Identity and Access Management

Review of logical access controls including user provisioning, de-provisioning, role-based access, privileged account management, and periodic access recertification across financial systems and infrastructure.

Change Management

Assessment of change management processes for applications and infrastructure, including change authorisation, testing, approval workflows, and segregation of duties between development and production environments.

System Development Lifecycle (SDLC)

Evaluation of controls over new system development and implementation, including requirements definition, design reviews, testing procedures, data migration, and go-live approval gates for financially significant applications.

IT Operations Controls

Evaluation of IT operational controls including job scheduling, batch processing, incident management, system monitoring, backup and recovery procedures, and data centre or cloud infrastructure management.

IT Application Controls (ITAC)

Input Controls

Assessment of data validation, authorisation checks, and edit controls that ensure only complete, accurate, and authorised transactions are entered into financial applications such as SAP and Oracle.

Processing Controls

Evaluation of automated calculations, posting logic, and processing rules within financial systems to verify that transactions are processed completely, accurately, and in the correct accounting period.

Output Controls

Review of report generation, distribution controls, and reconciliation procedures that ensure financial outputs are accurate, complete, and delivered to authorised recipients only.

Interface Controls

Assessment of data transfers between systems, including automated interfaces, file transfers, and API integrations, to ensure data integrity is maintained across the financial reporting ecosystem.

Our Audit Process

Scoping & Planning

We collaborate with your audit team to identify in-scope systems, define the control objectives, and establish the audit timeline aligned with your financial reporting cycle.

Control Design Testing (ToD)

We evaluate whether IT controls are appropriately designed to meet their objectives, reviewing policies, procedures, and system configurations for each control area.

Operating Effectiveness Testing (ToE)

We test whether controls have operated effectively over the audit period through sample-based testing, system interrogation, and evidence examination.

Reporting & Remediation

We deliver a detailed findings report with risk-rated observations, root cause analysis, and prioritised remediation recommendations to support your audit conclusions.

What You Receive

ITGC & ITAC Assessment Report

Comprehensive report covering all in-scope IT general controls and application controls with detailed test results

Control Gap Analysis

Identification of control gaps and deficiencies mapped against control objectives and industry good practices

Risk-Rated Findings

Each finding classified by severity and potential impact on financial reporting to help prioritise remediation efforts

Remediation Roadmap

Actionable remediation plan with timelines and responsibility assignments to address identified control weaknesses

Management Letter

Formal management letter summarising key findings and recommendations suitable for audit committee and board reporting

Working Papers

Structured working papers documenting test procedures, sample selections, evidence obtained, and conclusions for each control tested

Need an IT Controls Audit?

Speak with our team about scoping an ITGC and ITAC assessment tailored to your organisation's financial reporting environment.

Request an Assessment

Our Services

Cybersecurity Consulting Security Audit IT Controls Audit VAPT SSAT Awareness Training

Need Help?

Contact us for a no-obligation discussion about your IT controls audit requirements.

Get in Touch