Our expertise in IT Auditing
The necessity for professional IT auditing is becoming increasingly important as business processes are now more and more automated. Furthermore, developments in the area of IT are very fast moving and the IT systems used are becoming more and more complex. Therefore, an IT audit to carry out a regular check of the security, availability, functioning and compliance of the IT systems is absolutely vital.
On the basis of the audit maps we have developed for the individual areas of operations/audit fields, we carry out audits for IT functions, such as, for example:
- IT Security
- Facility security
- Availability of IT systems
- Data backup and archiving
- IT risk management (e.g. risk analysis, precautions)
- Emergency and breakdown precautions, catastrophe contingency planning
- Network security (e.g. outage/interception protection)
- Software (systems) (e.g. access rights, updates)
- Mobile communication security
- Use of cloud solutions
- Further focal points.
- IT Applications
- Functionality
- User rights concept
- Release management/approvals process
- Design of user screens
- Customizing
- Test procedures
- Process documentation
- Further focal points.
- IT Procurement and License Management …
- Procurement process (from requirements analysis, specification, sourcing via tenders right across to placing of order/contractual negotiations/drafting of contract)
- Updating of article and master data
- Settlement of contractual terms
- Quality assurance/functional tests
- Warranty
- Invoice checks
- Further focal points.
- IT Organization (Cobit)
- Recording of IT objectives
- Comparison with COBIT IT objectives
- Integration of COBIT processes
- Evaluation of COBIT process maturity
- Discussion of the actual state of maturity and determination of the target maturity levels
- Suggested measures for target achievement
- Continuous monitoring.
- IT strategy
- Implementation of IT support
- IT projects (ex post, ex ante, project flanking, conventional and agile methods)
- Penetration testing.
Our basis for these audits includes the relevant legislation, administrative regulations, acknowledged rules and best practices:
- German Tax Code (AO)
- German Commercial Code (HGB) • Federal Data Protection Act (BDSG)
- Principles of Data Access and Auditing of Digital Documents (GDPdU)
- Principles of Regular Data Processing-supported Accounting Systems (GoBS)
- Expert Committee of Information Technology (FAIT)
- Information Technology Infrastructure Library (ITIL)
- Control Objectives for Information and Related Technology (COBIT) - list of measures provided by the Federal Department for Security in Information Technology (BSI lists).