IT Audit, expertise & investigation

  • Home   /  Services  /  
  • IT Audit, expertise & investigation

Auditing is a powerful tool for IT governance. Based on hard facts, audit reports provide the management with an objective snpashot of the organization’s current situation, risk profile or over a defined issue.

IT audits shall be constructive for all stakeholders – management and auditees – in order to determine the right measures to improve the organization, optimize its risk profile and ensure compliance to regulations. It should also enable the auditees to communicate their perception of the situation and to report problems, opportunities and corrective measures needed without going through the traditional hierarchical reporting channels.

In the field of IT audit, we are active in the following areas:

Support to the Internal Audit Department

  • Definition and implementation of an internal audit process according to IIA / ISAI best practices
  • Elaboration of an internal audit strategy integrating:
    • New and upcoming technology-related topics that will have to be audited
    • Continuous improvement of internal audit processes, tools and staff
  • Integration of internal audit with the major processes of the company:
    • Risk Management: ERM & ORM
    • Information security and positioning of internal audit
    • Portfolio management of services and projects
  • Development of IT controls and IT control self-assessment questionnaires

Customized general computer audits

  • Business Processes and underlying IT services
    • End-to-end Billing systems
    • Order-to-cash and value chain
    • Supply chain management
    • Accounts Receivable and Accounts Payable
    • CRM and customer relationship management, contracts and products
  • Audit of IT costs (organizations, projects and services)
  • Audit of strategic IT projects and project management methods
  • Audit of Business Process Continuity (ISO 22’301) and IT Services
  • Information Security and cybersecurity audits (ISO 27’001, NIST)
  • GDPR DPIA (Data Protection Impact Assessment)

Special investigations on a case-by-case basis

  • Financial fraud, analysis of business processes and IT
  • Technical fraud (cyber and telecoms)
  • Post-mortem analysis and information systems security concepts

SAP Security audit

  • GRC Audit
  • Data security
  • User and access management
Copyright 2017 © TICTAC Services