Ensuring the reliability of financial reporting requires not only the formal establishment of IT controls, but also a clear understanding of their design, effectiveness, and alignment with business risk.
Under US-SOX and J-SOX, the assessment of IT controls (ITGC and ITAC) is a critical component of the overall governance framework.

Drawing on experience at major audit firms, we provide advisory services that go beyond compliance support. Our approach integrates IT control evaluation (J-SOX / US-SOX) with broader information security risk assessment and control enhancement initiatives.

We support the development and refinement of RCMs, evidence frameworks, and evaluation documentation, as well as the design of security policies and operational procedures—ensuring both audit readiness and sustainable governance.

 

1. IT General Controls (ITGC) Design, Evaluation, and Documentation Support

With US-SOX and J-SOX requirements in mind, we provide end-to-end support ranging from ITGC design and effectiveness assessment to remediation planning and audit-ready documentation.
Rather than focusing on formality alone, we emphasize controls that operate effectively in practice and are supported by appropriate evidence.

Our support includes the development of RCMs, control narratives, evidence frameworks, readiness for design and operating effectiveness assessments, and coordination with external auditors.

2. IT Application Controls (ITAC) Design, Evaluation, and Documentation Support

We assist in the design, assessment, and audit documentation of application controls embedded in key business processes such as revenue, procurement, inventory, and financial reporting.

Our services include evaluation of control reliance, identification of key audit considerations, and documentation support aligned with audit requirements.

3. US-SOX / J-SOX IT Controls Advisory

Based on regulatory expectations and audit procedures, we provide practical advisory support covering the full lifecycle of IT control design and evaluation.

Our approach reflects an understanding of auditor expectations and includes:

  • Review and redesign of overall IT control frameworks

  • Development and refinement of control documentation structures

  • Evaluation planning support

  • Identification and prioritization of remediation items

  • Assistance in responding to auditor reviews

  • Cross-functional coordination support

  • IT control implementation support for pre-IPO companies

4. Security Audit / Cybersecurity Audit (Assessment and Policy Development Support)

We assess information security governance and technical control environments against relevant standards and guidelines, and provide recommendations for improvement along with policy and procedural documentation support.

Our services include:

  • Information security governance assessments

  • Risk assessment support

  • Cloud control evaluations

  • Third-party and supply chain control assessments

  • Development of information security policies

  • Drafting and revision of key policies (access control, change management, vendor management, etc.)

  • Preparation of security audit reports

Please note that vulnerability scanning and hands-on remediation activities are outside the scope of our services.

Our Approach

Grounded in regulatory intent and a risk-based perspective, we deliver IT and information security control advisory services that balance practical effectiveness with audit readiness.

We work closely with internal audit teams and external auditors, prioritizing pragmatic and sustainable solutions rooted in real-world operations.