This section: expand/collapse   All sections: expand/collapse

---

CERTRACK is a web-based system that allows firms to efficiently manage their internal control certification process by providing a secure platform for the documentation, testing and reporting of internal controls, managed in a structured and auditable manner. As a web-based application, users would only need an Internet connection and a web browser to access the system. CERTRACK allows users to utilize its features over the Internet.

Log in: CERTRACK uses a single-sign-on system, which enables multiple individuals to access data from CERTRACK simultaneously and in real-time. The data being accessed will depend on the user role, which could be an administrator, an auditor and/or a reviewer. In addition, CERTRACK keeps track of the complete access logs for different roles, and provides extensive security features for user authorization and authentication.

Security: CERTRACK's network connectivity is encrypted using 128-bit data encryption, and there is a firewall existing between the production environment and the public domain. Access to data and application is restricted based on user roles, and audit trails are enabled for the different roles. In addition, all employees of SyncBASE Inc. have signed the non-disclosure agreement and the privacy agreement.

Backup and Recovery: The CERTRACK application is backed-up on a daily basis, and a comprehensive backup strategy is in place to protect client data against computer equipment failures. Moreover, the backup media is stored in an off-site location.

Implementation: Users of CERTRACK will go through on-line training sessions with our designated trainers to get started. CERTRACK staff will take the responsibility of loading client’s existing data into the system if there is any, and will set-up as many user accounts as the client may need.

Support: : CERTRACK has a highly professional support team dedicated to the queries and needs of our clients. The support phone number and email address are published on our website, and there is a hunt group established on the phone system to provide 24-by-7 support. To view the support team profiles, please click here .

This section: expand/collapse   All sections: expand/collapse

---

CERTRACK facilitates the migration from previous means of managing internal controls through a customized set-up and implementation.

General Set-up:

• User Profile and information, such as their roles and contact information
• Company location and different departments, if any
• Company calendar, including company quarter ends and/or year ends
• Company existing processes and controls (both ICFR and entity level), if any
• Company financial statement accounts

Customized Set-up:

• If your firm has already documented your internal controls in an Excel or Word document, these will be uploaded onto the system for you
• If your firm has not documented internal controls, you can utilize our generic template which contains hundreds of samples for internal controls and process risks

This section: expand/collapse   All sections: expand/collapse

---

CERTRACK introduces a unique framework which allows a firm to complete their internal control audit through a top-down risk based approach that involves different members (process owners, management, external auditors, etc.) from different areas (accounting, operation, human resource, IT) within a single online platform.

Period Set-up and Control Documentation: Through the creation of audit periods, firms define the frequency and time frame for their internal control certification. For each period, control documentation is carried out through a review and update on control properties, and the attachment of physical evidences.

Control Testing: Testing information is provided by control owners/ process leaders/ compliance department, including test procedure and method, sample size, and sampling source. Test responsibilities are passed down to internal testers or external auditors, who will conduct tests independently through a separate log-on and upload evidences for management review.

Progress Charting, Monitoring, and Statistics: During the audit period, tester performances are constantly monitored. At any time, users can see statistics for tests that are outstanding, completed or behind schedule with a single click. Additionally, the system also maintains an audit trail on a daily basis to keep users updated on the changes made.

Control Conclusion: Control conclusions are done at the end of the testing process, where the reviewer of each control retrieves the information provided by the testers and sign off on each control. During that process, reviewers will be presented with the statistics on test results by business units/ accounting processes, testing evidences collected, and any additional comments/ remediation/ suggestion provided by testers. Reviewers then make a final assertion on the control and any recommendations should the control fail. The control conclusion is an authorization process and complete audit trails are maintained so that changes made are traceable and accountable.

Reporting and Closure: Once all records are updated, the end results are generated in Excel/Word/PDF files and ready to be presented to top management/auditor/ Compliance Department. Upon approval, audit period is locked so that no records are altered thereafter.