Building the Foundation of Organisational Trust.
Most audits tell you what failed. Zorixx governance engagements tell you why and design the controls that prevent it from failing again. Our governance, risk, and assurance practice combines CA-level financial rigour with deep technology expertise to deliver control frameworks that don’t just satisfy auditors — they actually strengthen business operations and decision-making.
IT General Controls (ITGC) Audit & Testing
IT General Controls are the backbone of any reliable IT environment. A weak ITGC framework means your application controls, ERP systems, and financial reports cannot be relied upon — regardless of how sophisticated your technology appears.
ITGC Domains We Audit:
- Access Management — user provisioning/de-provisioning, privileged access (PAM), shared IDs, dormant accounts, periodic access reviews.
- Password Controls — complexity policy, history, expiry, lockout, MFA enforcement.
- Change Management — SDLC controls, change request authorisation, emergency changes, SoD in development/production.
- Backup & Recovery — backup schedules, off-site storage, restoration testing, DR drill effectiveness.
- Preparation for statutory auditor reliance — reducing duplication and audit fatigue
- Design adequacy assessment — are controls designed to prevent/detect material misstatements?
IT Application Controls (ITAC) Testing
Application controls automate business rule enforcement. They are critical for financial reporting integrity, compliance, and fraud prevention. ITAC failures are often the source of material weaknesses in financial audits.
- Automated input controls: Data validation, field-level checks, mandatory fields
- Processing controls: Calculation accuracy, batch job controls, reconciliation
- Output controls: Report accuracy, distribution controls, output reconciliation
- Interface controls: Data transfer accuracy, error handling, system-to-system reconciliation
- Workflow controls: Approval routing, escalation logic, override controls and exception logging
- Segregation of Duties (SoD): Conflicting access detection within and across applications
SOX / IFC / Internal Control Design & Testing
For listed companies, IFC compliance under the Companies Act 2013 (Section 134(5)(e)) is a board-signed statutory obligation. Zorixx helps organisations build, document, and test internal financial controls that genuinely work.
- Entity-level control documentation and assessment (COSO framework)
- Process-level risk and control matrix (RCM) design across financial processes
- Key control identification — financial reporting controls, anti-fraud controls
- Operating effectiveness testing — are controls actually working as designed?
- ICFR gap identification and remediation advisory
- Preparation for statutory auditor reliance — reducing duplication and audit fatigue
- Design adequacy assessment — are controls designed to prevent/detect material misstatements?
Standards Alignment: COSO 2013 Framework | Companies Act 2013 S.134(5)(e) | ICAI Guidance on IFC
ERP Audit & MCA Rule 11(g) Audit Trail Review
MCA Rule 11(g) mandates that accounting software must maintain a tamper-evident audit trail — and auditors must verify its integrity. This is now a mandatory reporting requirement for statutory auditors.
- Audit trail feature activation: Is it enabled for all relevant modules?
- Completeness: Is every transaction, change, and deletion captured?
- Tamper-evidence: Can audit logs be modified or deleted? Is hash-chaining in place?
- User activity logging: Who made changes, when, from which device?
- DDL/DML logging: Schema changes and data-level modifications
- Privileged user activity: DBA and admin session logging
- Backup integrity of audit logs: Are logs backed up and recoverable independently?
- ERP platforms covered: SAP ECC, SAP S/4HANA, SAP HANA, Oracle EBS, MS Dynamics, Tally ERP, custom ERPs
Internal IT Audits & Technology Risk Reviews
- Technology landscape mapping and dependency analysis.
- Shadow IT identification and risk assessment.
- Network architecture review — segmentation, firewall, DMZ.
- IAM governance assessment — joiner/mover/leaver process review.
- Cloud infrastructure risk assessment (AWS/Azure/GCP).
- Third-party and vendor IT risk reviews.
- IT asset lifecycle governance.
- BCP and DR readiness review.
Board & Audit Committee Advisory
Boards that receive jargon-heavy reports cannot exercise effective oversight. Zorixx bridges the gap between technical audit findings and boardroom decision-making.
- Plain-language executive risk summaries from technical findings
- Heat-mapped risk dashboards for Audit Committee presentations
- Governance health scores with peer benchmarking
- Emerging risk horizon scanning — technology and regulatory
- Audit Committee charter reviews and effectiveness assessments
- Board training on cybersecurity and technology risk
WHO SHOULD ENGAGE US
- Listed Companies & Large Enterprises: ITGC/ITAC, SOX/IFC, and ERP audit trail requirements under MCA, SEBI, and Companies Act.
- Financial Institutions: RBI and SEBI mandated IT governance, IS audits requiring deep technical expertise.
- Companies Preparing for IPO/Listing: IFC documentation, audit-readiness programs, control framework design.
- Boards & Audit Committees: Independent assurance on governance quality, technology risk, and control effectiveness.
