cross-icon
IT Controls Audit and SOX Readiness

A comprehensive IT audit program provides organizations visibility into their technology environment and associated risks. As technology adoption accelerates, controls deficiencies and vulnerabilities may emerge within this complex landscape. Our approach centers on designing a tailored audit program aligned with your specific environment, leveraging a risk focused methodology and supplemented by audit driven data to identify areas of focus to enable you to anticipate and address challenges proactively well before audit cycles arrive.

View Capabilities
Capabilities
IT Controls Audit and SOX
Readiness Offerings
01
IT Controls audit program considering global compliances such as SOX
Design or enhance your IT General and Application controls / Risk and Controls Matrix (RACMs) aligned to global compliances such as SOX.
02
Concurrent IT Audits
Real-time audits conducted alongside ongoing business and technology operations.
03
Gap Assessment of IT Controls Environment
We evaluate your current controls framework against best practices and compliance requirements to identify redundancies or gaps. Our tailored recommendations help streamline your controls and enhance their effectiveness.
04
Support for IT Internal Audit Execution
Leverage our experience to augment your IT Audit Teams to execute their audit program and drafting comprehensive workpapers and test sheets.
Our Insights
Real Problems, Real Thinking
Audit Trail Ensuring Financial Integrity and Accountability
Audit Trail Ensuring Financial Integrity and Accountability
India’s IT landscape has experienced a dramatic shift over recent decades, moving away from traditional, paper-dependent bookkeeping methods to a vibrant, tech-powered ecosystem. Today, organizations depend on — ranging from enterprise resource planning (ERP) tools to cloud platforms — not only to boost efficiency but also to safeguard compliance, security, and data accuracy of financial reporting. This change entails additional responsibility since keeping thorough records helps to prove financial integrity and responsibility. An audit trail acts as the "black box" of an organization—a kind of financial journal that captures every activity. It records who did what, when, and how within the financial system. This creates a straightforward way to verify the accuracy and accountability of financial records. Think of it as holding a backstage pass that lets you peek behind the curtain—offering complete visibility into every transaction for transparency, tracking access to sensitive data to bolster security, and capturing system changes to ensure compliance. With their growing importance, audit trails are now a legal must-have in India, following regulatory mandates that came into effect on April 1, 2023. The push for audit trail comes straight from the Companies (Accounts) Rules, 2014, where Rule 3(1) says any organization using accounting software—whether it's ERP systems or even web portals—must have a permanent audit trail that can't be turned off. It’s got to automatically track every change, stamp it with a timestamp, and keep those records on hand for audits. Meanwhile, auditors, under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014, must double-check that this feature was running all year, and wasn't tampered with. This rule isn't just for large organizations—it applies to every Indian organization. Whether it's nonprofits under Section 8 or foreign entities, it covers everything from standalone to consolidated financial statements.
  • 2-3 Min Read
Emerging Risks and Trends: What Lies Ahead in the Near Future
Emerging Risks and Trends: What Lies Ahead in the Near Future
In a dynamic and fast-paced global environment, organizations are navigating ever-increasing challenges driven by technological advancements, environmental demands, and changing societal expectations. These changes blur traditional risk boundaries and create a complex, interconnected risk landscape. As a result, it has become imperative for internal audit functions and organizations as a whole to develop the ability to identify, understand, and mitigate risks, enabling them to achieve resilient and sustainable growth. These emerging threats also provide internal audit teams with an opportunity to demonstrate agility, prudence, and strategic insights, thereby reinforcing their role in enhancing organizational resilience and long-term value creation. Business continuity risks are probable disruptions that hinder an organization's ability to operate effectively and deliver essential services. The disruptions may arise from multiple sources such as natural calamities, technological disruption, cybersecurity incidents, geopolitical conflicts, and supply chain disruptions. The COVID-19 pandemic or Suez Canal blockage were recent and powerful examples of how such risks can severely impact global operations. Continuity risks are highly interconnected and interdependent. A minor disruption in one part of the chain can trigger a domino effect, leading to operational and financial consequences globally. Thus, strengthening operational resilience is essential for maintaining stakeholder trust and sustaining long-term value delivery. Human capital risk is the vulnerability organizations encounter in attracting, retaining, and developing their talent. Employees are the most valuable assets and vital pillars of any organization. Failure to manage talent effectively can significantly impact business continuity, innovation, and competitive edge.
  • 2-5 Min Read
VIEW ALL INSIGHTS
Driving Impact
Our Technology Risk Advisory
Leadership Team
cross-icon
Gaurav Khandelwal
Gaurav Khandelwal
Partner & Leader - Risk Advisory
Gaurav is a Risk Advisory Practice Leader at Pierag Consulting, one of the fastest-growing firms in the advisory space. A Chartered Accountant by profession, he is a seasoned Governance, Risk, and Compliance professional with over 20 years of experience in consulting and industry. An ex-Big 4 leader, he is renowned for advising clients on managing risks and assisting large-scale organizations in implementing robust governance frameworks across sectors such as real estate, infrastructure, consumer products, beverages, hospitality, and healthcare. In his industry role, Gaurav was instrumental in driving the culture and implementing frameworks across governance, risk, and compliance. Under his leadership, Tata Realty won prestigious accolades, including the Risk and Compliance Awards at ICICI Lombard and the CNBC TV18 India Risk Management Awards. Earlier, in his leadership roles at Big 4, he led multiple risk-based internal audit engagements for diverse clients, including companies engaged in the operations and maintenance of roads, steel manufacturing across multiple locations, leading players in the Indian credit card market, and liquor manufacturers with several bottling units. He has also worked on enterprise risk management engagements, developing frameworks to effectively identify and address strategic and operational risks through structured monitoring and reporting mechanisms. For instance, he assisted a leading footwear company in re-assessing its ERM framework, prioritizing key risks, and co-developing a comprehensive mitigation plan. Gaurav has extensive experience in compliance program implementation, where he has been responsible for setting up compliance functions and reporting structures, ensuring comprehensive mapping of legal and regulatory requirements across functions, and strengthening ongoing compliance monitoring. Additionally, he successfully managed end-to-end IFC implementation for one of India’s leading healthcare brands, covering 24 hospitals across the country.

Key Expertise and Achievements

  • Risk-Based Internal Audits and Internal Controls Assurance
  • IFC/SOX Readiness, Implementation, and Compliance
  • Enterprise Risk Management Frameworks and Mitigation Planning
  • Business Process Reengineering and Regulatory Compliance
  • Large-scale IFC implementation in the healthcare industry (24 hospitals)
  • Award-winning governance and compliance leadership at Tata Realty.
cross-icon
Dipesh Khushalani
Dipesh Khushalani
Director - Technology Risk Advisory

Dipesh's journey is a testament to the amalgamation of passion and diverse experiences. His enthusiasm for computer games and experimentation with technology laid the groundwork for a career in this field. He has built a comprehensive skillset from his tenures at leading firms like KPMG India and SBI Cards, specializing in a wide range of areas including Privacy (GDPR, DPDPA), Cybersecurity, IT Audits, IT SOX, SOC 1 & SOC 2 reporting, and Business Continuity Planning.

Dipesh is a Certified Information Systems Auditor (CISA) and holds an MBA in Information Systems and Security, along with a PG Diploma in Cyber Laws.

His broad expertise extends across multiple sectors such as BFSI, NBFCs, Manufacturing, Aviation, and Telecom.

Dipesh brings a holistic perspective to his work, with his interests in dramatics, filmmaking, and martial arts honing the creativity and adaptability needed to thrive in the dynamic technology risk domain.

View all Leaders
Secure Your Technology Landscape
Ensure your IT environment is resilient and compliant with evolving regulations. Our Technology Risk Advisory services help you identify gaps, enhance control effectiveness, and build confidence in your technology landscape.