top of page
Overcoming The Challenges of External Audits
Project Information
THE CHALLENGE
The Pantry, Inc. (Pantry) underwent an external audit after its first year of Sarbanes-Oxley (SOX) compliance. The IT Department disagreed with some of the findings and were unsure how to interpret and remediate others. While more than 20 applications were in scope for SOX compliance, the external auditors also reported deficiencies ranging from technical network authentication settings to processes in need of improvement.
It is not uncommon for external audit reports to include low-risk findings that are not significant to the business. If the business cannot rebut such findings, they may waste critical resources trying to achieve unnecessary objectives and miss opportunities to improve other, more critical processes. To avoid that fate, The Pantry needed to bridge the communication gap between the external auditors and their internal IT department.
THE CLIENT
The Pantry is one of the largest independently operated convenience store chains in the country, with more than 1,500 stores in 13 states across the southeast. They operate under several banners, including Kangaroo Express, and have almost 7,000 full-time employees. They frequently adapt merchandise offerings and other services to appeal to the needs of a large, diverse customer base.
“...summed up with three words—knowledgeable, flexible, and available.”
- The Pantry, Inc.
CHALLENGING DEFICIENCIES
Securance addressed the initial list of reported deficiencies by 30 percent by performing the following tasks.
-
Clarifying control statements and determining that some controls were not “key” for SOX compliance.
-
Providing additional technical and corroborating audit evidence.
-
Supplying detailed explanations to the external firm’s lead auditor, including information on leading practices and security configurations for applications and network devices.
THE SECURANCE SOLUTION
Securance deployed IT risk consultants who formerly worked at Big 4 firms, honing their skills with large companies and gaining exposure to a wide-array of technologies, best practices, and risk profiles. This depth of knowledge helped them work with The Pantry’s team to successfully challenge and reduce the audit deficiencies by 30 percent.
Securance also conducted a risk-based assessment of The Pantry’s applications to confirm which systems were in scope for SOX compliance. This allowed The Pantry to focus their resources on applications that directly impacted compliance.
Both the external audit firm and The Pantry’s IT personnel felt the project was a success. Securance continues to provide IT risk management services to The Pantry.
GET A SECOND OPINION
External audit reports are necessary, but not without fault. If your business is facing a long list of deficiencies, it’s advisable to engage experts that can offer a second opinion and guide your internal teams through the process of challenging and remediating the findings.
Securance consultants have the knowledge, experience, and skills to help your business overcome external audit deficiencies. Contact us to learn more about this and our other IT audit, and compliance services.
bottom of page