Case Study Six: Implementation of IT Policies, Procedures, and Controls for a Pharmaceutical Manufacturing Company

Summary Level

A public company in the pharmaceutical industry experienced significant growth over several years and required enhanced IT policies and procedures and adoption of a security and availability controls framework.

Details

Client’s Situation:

A public company in the pharmaceutical industry experienced significant growth over several years and required enhanced IT policies and procedures and adoption of a security and availability controls framework.

Accounting and Business Consultant’s Engagement Role:

We were engaged to assist the IT department and the Chief Information Officer with drafting and adopting IT policies and related security and availability controls.

Engagement Results:

We successfully implemented a security and availability controls framework. We reviewed and enhanced relevant IT policies to be adopted by the department. We documented and assessed security and availability risks with management and identified controls in place to mitigate IT risks. Our team assisted with the identification of key IT controls relevant to the Company’s efforts to comply with Sarbanes Oxley (SOX) and other regulatory requirements. As a result of our efforts, management was able to restructure and align governance and responsibilities in the IT department while providing executives of the Company peace of mind that important information security and availability risks were better controlled and monitored.