Technology Risk & Assurance

In today’s highly complex and technological environments, most businesses have become more reliant on computer generated and system processed information. Business decision makers are highly dependent on credible information and therefore impacted by data integrity and security of their information resources and technology infrastructure. As a result, there is a need for the understanding of the business' ability to effectively manage and mitigate information technology (IT) risk and their strategic alignment of IT resources with the business.

Technology Risk and Assurance (TRA) Division is responsible for assessing IT risk and the effectiveness of the information technology control environment for the State of Georgia. The assessment of IT risk and evaluation of IT controls help reduce the risk of ineffective IT processes adversely impacting the State of Georgia and increases the reliability of information. Our assessments and associated recommendations help add value by providing improvements around the managing of integrity, confidentiality, and availability of information as well as the effectiveness and efficiency of IT operations.

Specifically, the TRA Division:

  • Evaluates IT general and application controls for information systems supporting significant classes of transactions for the State of Georgia. In addition, we gain an understanding of the business processes and the IT resources and processes that management has implemented to meet the business requirements. These evaluations may be used by financial auditors in planning and determining the nature, timing and extent of audit procedures to be performed in support of the comprehensive annual financial report, as well as providing timely recommendations to management for needed improvements in IT-related controls.
  • Evaluates IT general and application controls for information systems supporting significant business processes related to performance audit engagements. These evaluations may be used to assess controls in place for confidentiality, integrity, and availability of data and ensures the accuracy and validity of data supporting core business processes.
  • Performs risk-based information systems reviews to evaluate IT governance related to IT processes and IT strategic alignment.
  • Performs vulnerability assessments for significant State of Georgia businesses to determine weaknesses within the IT environment. Tests conducted in connection with such reviews and assessments may include, but are not limited to, penetration testing and network, web, and data base scanning.
  • Performs standard and custom data analytics including analysis of journal entries, accounts payable, account receivable, and inventory accounts through computer-assisted audit techniques (CAATs). These analytics may be used to focus audit procedures and gain audit effectiveness and efficiencies.