IT Audit, expertise & investigation

Auditing is a powerful tool for IT governance. Based on hard facts, audit reports provide management with an objective snapshot of the organization’s current situation, its risk profile, or a defined issue.

IT audits should be constructive for all stakeholders – management and auditees – so that the right measures can be determined to improve the organization and optimize its risk profile. They should also enable the auditees to communicate their perception of the situation and to report problems, opportunities and necessary corrective measures without going through the traditional hierarchical reporting channels. In the field of IT audit, we are active in the following areas:

  • Support to the Internal Audit Department:
    • Definition and implementation of an internal audit process according to IIA / ISAI best practices
    • Elaboration of an internal audit strategy integrating:
      • New and upcoming technology-related topics that will have to be audited
      • Continuous improvement of internal audit processes, tools and staff
    • Integration of internal audit with the major processes of the company:
      • Risk Management: ERM & ORM
      • Information security and positioning of internal audit
      • Portfolio management of services and projects
    • Development of IT controls and IT control self-assessment questionnaires
  • Customized general computer audits:
    • Business Processes and underlying IT services
      • Order-to-cash and value chain
      • Supply chain management
      • Accounts Receivable and Accounts Payable
      • CRM (customer relationship management), contracts and products
    • Audit of IT costs (organizations, projects and services)
      • Evaluation of IT costs
      • Identification of action points for cost-based IT strategy management
    • Audit of major IT projects and project management methods
    • Audit of Business Process Continuity (ISO 22301) and IT Services
    • Information Security Audits (ISO 27001)
      • GDPR DPIA (Data Protection Impact Assessment)
  • Special investigations on a case-by-case basis
    • Financial fraud, analysis of business processes and IT
    • Technical fraud (cyber and telecoms)
    • Post-mortem analysis and information systems security concepts