Information security is becoming increasingly important
Increasing networking and digitalisation are bringing about far-reaching changes in the business world. Modern accounting is no longer conceivable without complex IT systems. At the same time, however, this also increases the risks for companies, especially when handling data. Confidentiality, availability and integrity of data are central security requirements that must also be met with regard to the correctness of IT-supported accounting. Our IT auditors are experts in operational IT operations and develop targeted measures for you to counteract risks and to check the security and reliability of your IT systems.
IT audit as part of the audit of the consolidated and annual financial statements
An IT system audit examines the IT General Controls (ITGC) and covers the following areas:
- IT organization, IT environment and IT strategy
- IT operations
- Access rights
- Change Management (program change, test and release procedures)
IT audit as special audit
We carry out separate IT audits for subject areas that require a deeper and more detailed examination. The scope and focus of the audit will be agreed with you individually. This includes among other things
- Audit of governance processes and governance structures
- Testing of application controls
- Audit of authorizations in IT systems
- Testing of data interfaces between IT systems
- Examination of data migrations during the conversion of ERP systems
- Audit of IT projects
- Audit of IT outsourcing
Methodology and reporting
We carry out our IT audits in accordance with nationally and internationally recognised guidelines and standards, such as ISA 315 and ISA 330, the expert reports DV1 and DV2 of the Data Processing Committee of the Chamber of Public Accountants and Tax Consultants, selected guidelines of the IDW and COBIT.
The "IT Audit Report" presents the audit areas, audit procedures, assessment and evaluation methods, security criteria and the findings in a transparent and comprehensible manner. Based on the findings, a follow-up plan is then drawn up in coordination with the client and the process and system managers, in which the measures to reduce risks are defined and prioritised. The implementation of the agreed measures is recorded systematically and in a structured manner ("issue tracking").
Your added value
Companies no longer expect an auditor to provide professional assurance services only, but also to make a meaningful contribution to optimizing processes and increasing business success. An IT audit is a sensible starting point, as the high IT penetration also allows a good overview of the company's business processes.
CISA (Certified Information Systems Auditor)Get in touch