Trames

IT Risk & Data

Our mission is to transform the conventional Audit model

We blend Audit, Risk and automation expertise into tailored solutions to enhance the conventional Audit process – using the technologies that suits you better.

Our Services

IT Audit & Compliance assessments

IT General Controls (ITGC) testing should not be a Pandora’s Box in your Compliance program. Let us take over this seat while you focus on the main Financial controls.

Our approach to IT Controls is based on foundational methodologies such as ISO 27001. Our expertise cuts through the systemic complexity and scopes those ITGCs that are truly impactful in your controls environment.

Continuous Audit & Automation

Why keep manually checking controls year after year when the data is right there, waiting to streamlined?

ITGCs are the perfect starting point for Audit transformation:

✔ Constant and pervasive.

✔ Complex enough that manual analysis alone isn’t reliable.

✔ Related data is often structured and queryable, making it a key building block for automation.

The result? Faster, population-wide control assessments and reduced audit risk with automation.

Audit Remediation Plan

Feel like cycling back to the same Audit Finding?

With the lens of SOX Auditors, our approach enable the best possible design of an Action Plan to successfully address the Audit Finding.

✔ No more doubts as to whether the design of the action plan is sufficient or not according to External Auditor’s standards.

✔ Let us test the remediation and ensure that no surprises will come along during the next External Auditor’s cycle.

Our Continuous Audit Framework

Without a clear risk perspective, testing controls and developing analytics automations becomes challenging. That’s why our first priority is to establish the most accurate risk view possible and then derive actionable steps from it.

Precise Risk Mapping
Automation is only as accurate as the risks it targets, and one of our main priorities is to clearly define risks to be able to guide data sourcing and processing. For example, identifying a Privileged Access risk in SAP requires detailing the exact combinations of authorization objects that constitute the threat and this is the type of clarity driving the automation and analytics design.

Process & Technology Synergy
Few Teams bridge Audit and automation effectively. Modern audit tools like ACL offer robust programming interfaces, including Python integration, enabling scalable automation that often pass by undiscovered by Audit professionals. At Trames, we assess and align the right tools with your operational and budgetary needs to unlock automation’s full potential.

Quick Wins First
Begin with risks that are simple, data-accessible, and impactful. These “low-hanging fruits” allow for rapid prototyping, validation, and stakeholder engagement—laying the groundwork for broader, more complex automation initiatives.

Scalable Automation Infrastructure
True continuous monitoring requires more than desktop scripts. A centralized, secure automation platform eliminates version control issues and enhances performance, especially critical for SOX-relevant controls. The platform definition (Cloud or local?) will depend on the automation complexity, security and budget requirements. It is part of our approach to ensure that the tailored solution is fine-tuned to align optimally with these thresholds.

The Team

Lucas Borba, CISA

Founder & IT Risk expert

40+

Audit Projects delivered including SOX – based clients

Projects delivered following Big4 methodology and IT governance best practices, including COBIT v5, ITIL, and ISO 27001.

1000+

Audit hours saved

Our automation solutions, from basic data extraction to advanced analytics, have streamlined population-wide analysis and delivered measurable Audit hour savings.

Let us understand your reality and provide a future perspective

We offer a quick assessment and roadmap to support your Audit transformation—no commitment upfront, only if it proves valuable to you.