The statutory requirements for IT
IT assurance in auditing – security, compliance & efficiency
In an increasingly digitalized world, IT systems play a central role in corporate management and financial reporting. But are your IT processes really secure, efficient and compliant? Our IT assurance team ensures that your IT systems meet the highest standards and that risks are identified at an early stage.
Why IT assurance?
Risk minimization: Identification and assessment of IT risks for financial reporting and annual audits
Compliance & regulation: Ensuring compliance with legal and industry-specific requirements (e.g. IDW PS 330, ISA 315 revised)
Increasing efficiency: optimizing IT-supported business processes to reduce risks and sources of error
Data integrity & security: Checking the reliability and security of IT systems in relation to financial data
Our approach in accordance with ISA 315
ISA 315 requires a risk-oriented analysis to identify material misstatements in financial reporting at an early stage.
Our IT assurance includes:
- Understanding the company and its environment
- Analysis of the IT infrastructure and its interaction with financial reporting
- Identifying and assessing IT risks – Testing IT-supported controls for effectiveness and efficiency
- Review of internal control systems (ICS) – Ensuring the integrity, availability and confidentiality of financial data
- Audit of IT-supported business processes – identifying and minimizing potential risks to reliable reporting
Our services in the area of IT assurance
IT audit as part of the audit of annual financial statements (GITC & ITAC)
As part of annual audits, we carry out comprehensive IT audits in which we examine both general IT controls (GITC) and application-related IT controls (IT application controls – ITAC). Our focus is on identifying potential risks in IT-based financial reporting and assessing the appropriateness and effectiveness of the controls implemented
Analysis of IT-supported business processes and controls with regard to risks, efficiency, quality and effectiveness
We analyze IT-supported business processes in order to assess their risks, efficiency, quality and effectiveness. In particular, we examine the automation of processes, the reliability of the IT systems used and compliance with regulatory requirements and internal control mechanisms.
Project-related audits for data migrations in accordance with IDW PS 850
As part of system migrations and data migrations, we support companies with project-related audits in accordance with IDW PS 850. Our aim is to ensure data integrity, identify potential sources of error at an early stage and guarantee the quality of the migration through targeted audit procedures.
Audit of IT controls at the service provider in accordance with ISAE 3402 Type 1 and Type 2 / SOC 1 reports
For companies that outsource IT services to external providers, we audit the IT controls implemented by these service providers in accordance with the ISAE 3402 (Type 1 & Type 2) standards and SOC 1 reports. We assess the effectiveness of the internal control systems to ensure that risks such as data manipulation, inadequate access rights or system failures are minimized.
SAP basic security checks
We carry out comprehensive audits of SAP’s basic security measures to uncover potential security risks. This includes analysing user and authorization concepts, checking security-relevant configuration parameters and assessing compliance requirements within the SAP system.
Carrying out audits as part of internal IT audits
In the context of internal audits, we perform audits of IT-supported processes and controls to ensure their appropriateness and effectiveness. In doing so, we place particular emphasis on compliance with internal and external regulatory requirements and on identifying and minimizing IT risks.
Data analyses with IDEA for checking accounting data (e.g. journal entry tests)
We use modern data analysis tools such as IDEA to identify anomalies and potential irregularities in accounting. With the help of journal entry tests and other analyses, we examine large volumes of data for anomalies that could indicate errors or manipulation, thereby making a valuable contribution to ensuring the financial integrity of a company.
Your added value – why IT assurance is crucial
Creating trust: strengthening credibility with investors, business partners and authorities
Prevention instead of reaction: early detection of vulnerabilities and risks
Sustainable corporate management: IT assurance as the key to digital resilience and competitiveness
Have your IT processes professionally audited and secure your company for the future.
