The main task of the internal audit department remains to protect and increase the value of the company by providing risk-based and objective advice. Nevertheless, the audit teams must remain flexible and adapt their working methods to constantly changing conditions and models.

Technology and globalization dictate how and where companies operate and require new risk management and control approaches. Internal Audit should be involved in strategic corporate planning from the outset, as it is able to anticipate upcoming challenges and dynamically adapt processes.

Internal Audit can act as a catalyst for positive change through innovation, productivity and sustainability - with a tailored focus on your corporate strategy.

For Internal Audit to be effective, it must have access to qualified and scalable resources. A comprehensive analysis can identify a broad spectrum of risks to which companies are exposed today.

Companies must:

  • Determine whether their current internal capacity is sufficient to change their corporate risk profile and future audit plan.
  • Leverage best practices and insights from all markets and industries.
  • Review the audit plan and the organization's overall risk framework.

IT audit as part of Internal Audit Services

Since nowadays practically all business processes are IT-supported, data is one of the most valuable and important resources of a company. Information security affects practically all areas of the company and can have a direct impact on the success of the company. We therefore see IT auditing as an important focus of internal auditing.

Our IT auditors themselves have been working in IT operations for many years, so they have a wealth of experience and can give you practical recommendations for targeted and effective improvement measures that are suitable for your company. In addition, we can also draw on qualified and competent colleagues in the Grant Thornton network for internal auditing.

An IT audit examines the general IT controls (ITGC - IT General Controls) and covers the following areas:

  • IT organization and IT environment
  • IT operations
  • Access rights
  • Change Management (program change, test and release procedures)

For subject areas where there is a need for a deeper and more detailed audit, we carry out more extensive IT audit procedures. The scope and focus of the audit will be agreed with you individually and defined in the Internal Audit Charter. In practice, this can include the following areas:

  • Audit of governance processes and governance structures
  • Testing of application controls
  • Audit of authorizations in IT systems
  • Testing of data interfaces between IT systems
  • Examination of data migrations during the conversion of ERP systems
  • Audit of IT projects
  • Audit of IT outsourcing
  • Review of cyber security measures

Methodology and reporting

We conduct our IT audits in accordance with nationally and internationally recognized guidelines and standards, such as COBIT.

In the "IT Audit Report", the audit areas, audit procedures, assessment and evaluation methods, security criteria and the findings are presented in a clear, transparent and comprehensible manner. This report is also a component of the internal audit report within the scope of the defined reporting lines.

Based on the findings in the audit report, a follow-up plan is drawn up in consultation with the client and the process and system managers, in which the measures to reduce risks are defined and prioritised. The implementation of the agreed measures is recorded systematically and in a structured manner ("issue tracking").


How can Grant Thornton support your company?

Setting up a specialised internal audit team is not feasible or cost-effective for every company. We offer you individual co-source or complete outsourcing solutions tailored to your company. Our international team, led by Certified Internal Auditors (C.I.A.). supports you in major transformations and develops efficient protection against the most important risks that may affect your company. Our experienced internal auditors cover the following areas:

  • Outsourcing Internal Audit: outsource the internal audit function to our experts!
  • Co-Sourcing Internal Audit services: Outsource a part of the internal audit services to our experts!
  • Quality assurance measures for internal auditing: Our experts support you in maintaining the quality standards in your company.
  • Review and evaluation of internal controls: We support you in further improving existing internal controls and establishing effective internal controls.
  • Review of internal control systems according to recognized international standards: As part of Internal Audit, we examine your company's internal control system - depending on your requirements - according to recognized international standards such as SOX.

Do you still have questions about Internal Audit? Our experts Michael Dietrich and Andrew Dickson will be happy to assist you.