This delegated entity review focuses on IT SOX readiness procedures for an application, testing change management, computer operations and logical security areas.
In this sample, internal audit assisted with a company’s annual delegated entity compliance procedures as part of the audit plan. Management requested that the delegated entity procedures performed focus primarily on ITGCs surrounding an application developed by company personnel. Relevant areas of testing included change management, computer operations and logical security. In addition, internal audit performed some limited procedures surrounding the protection of personal health information data.