Services

IT Audit Services

The IT environment is growing more complex by the day. Rapidly changing technologies, increasing demand for IT services among business units, and the continual expansion of the “extended enterprise” all translate into greater IT risks for most organizations. As organizations invest heavily in new technology, their internal audit groups face the expensive, time consuming task of keeping their own technical skills current and the challenge of recruiting properly trained staff. This situation is made more critical by the increased need to depend on the integrity of the information produced by their systems.

The IT Internal Audit and Compliance functions are tasked with keeping tabs on these risks.

So, how do you address the expanding IT Audit needs of your organization with limited resources?

What additional IT Audit skills do you need for specialized areas, such as security and privacy?

With the growing importance, prevalence and diversity of IT systems, what additional resources do you need to keep up?

How is your organization responding to these fluid issues? 

Deloitte can perform audits as part of co-source, outsourced or individual projects as well as based on staff augmentation model for a specified duration. Areas that Deloitte can assist include:

  • IT Internal Audit Transformation.
  • IT Risk Assessment and development of risk based IT IA plan.
  • IT Internal Audit Function Diagnostic review per IIA standards.
  • Execution or QA / SME support for IT audits.
  • Capacity Building Training

Our Goal:

  • Systematize, improve and integrate business procedures and the coverage of business information in the information system
  • Identify risks and weaknesses, thus enabling the definition of solutions for  introducing controls over processes supported by IT
  •  Accelerate the business information collection process
  • Centralize the control system and eliminate bottlenecks in information flow through the IS
  • Regulatory compliance
  • Reduce IT-related costs, as they represent a significant proportion of the organization's total costs
  • Ensure information confidentiality, integrity and availability
  • Assess ERP system before and after implementation
  • Align IT assessment and IT strategy
  • Attain IT management standard

 

Our Approach:

  • Testing logical and physical security controls
  • Testing IT operations
  • Testing disaster recovery procedures
  • Testing business continuity
  • Data integrity assessment (process assessment, controls identification...)
  • IT strategy preview
  • IT organization review
  • IT process review

 

The Results:   

  • Reliable IT controls and risk management capability
  • Security information management enabled
  •  Improved data availability and integrity
  • Improved ability to enter new markets
  • Enhanced reputation
  • Long-term savings
  • Revenue growth

 

Deloitte is a leader in IT Internal Audit services globally. We have distinct advantages in IT through:

Local team of professionals and access to a global team of ITIA professionals, including IT subject matter specialists in a variety of technologies and risk areas.

The ability to bring in IT specialists as circumstances arise or business needs change. This gives clients direct access to the wideranging IT capabilities of subject matter specialists virtually anywhere in the world.

A demonstrated IT IA approach that has been honed over the years in some of the most demanding environments in the world with tools and methodologies that may accelerate IT audit.

Access to leading practices and the latest IT thought leadership on audit trends and issues.

IT Processes and Controls Audit

IT audit services deal with the identification and analysis of potential risks, their mitigation or removal, with the aim of maintaining the functioning of the information system and the organization's overall business.

IT process and IT general computer controls are key to safeguarding assets, maintaining data integrity and the operational effectiveness of an organisation.

We offer services that identify, develop and test internal controls and policies. Our control reviews are created and implemented to address management objectives ranging from business process, to application and technology infrastructure controls.

Invariably, our reviews are in the context of business and/or audit risk. Not only do we seek to highlight significant exposures, we also go the extra mile to recommend potential solutions for risk mitigation.

Third-Party Assurance

Outsourcing operations does not transfer the risk associated with that process. The organization that is outsourcing (user entity) continues to remain responsible for governance, risk management and compliance for the processes/operations now managed by their service provider. Regulators and  industry bodies are focused on addressing the risks arising out these changes. In this context, service providers (service organizations) build trust and confidence in the services performed and the associated controls through  system and organization controls (SOC) reports.

 

Deloitte offers a range of third-party assurance services and assists clients
in selecting the most suitable third-party reporting option:

 

    Assurance related reporting undertaken to provide an independent report     on the user entities internal control environment for use by management of     the service organizations, user entities and/or their auditors.

  • Assurance over financial reporting process - SOC 1 reports over controls that impacts the financial reporting of user entities.  

 

    Assurance over operations – SOC 2, SOC 3 and custom reports.

  • Customized reports to meet specific industry or customer requirements, such as, SOC for Supply Chain, 2+ reports for applicable industry standards such as NIST, ISO, WebTrust, COBIT, etc.

 

    Factual reporting on findings/observations as part of an assessment.

  • Agreed-upon procedures (AUP) report - report of factual findings, based on specific and upfront agreed procedures performed on a “subject matter” or an “assertion”.
  • Readiness assessment - readiness assessments to explore companies’ preparedness to address risks or needs associated with their outsourced service provider programs.

IT Audit Outsourcing

To help IT reach its potential and ensure compliance with applicable regulatory requirements, companies need IT internal audit skills and experience. As companies seek to do more and better for less, and as management and business owners' expectations of internal audit continue to rise, the internal audit function is emerging as a prime candidate for resource mobilization through out-staffing, co-sourcing and outsourcing.


We offer professional IT internal audit services, technical expertise, industry insights, and business and IT skills that will enable us to work effectively with your organization to provide the following services:

  • Training - we provide training on the most relevant internal audit methodologies, talk about current regulatory requirements, and help your employees understand how to optimize and increase the efficiency of the use of Company resources.
  • Out-staffing - we are ready to provide our highly specialized specialists to carry out individual internal audit procedures in a limited time, and Deloitte employees can independently manage various projects.
  • Co-sourcing – we can work with your internal audit department to perform specific audit assignments as required using our extensive skills and knowledge.
  • Outsourcing - we are ready to take on the implementation of all types of internal audit activities: from the development and implementation of best practices for internal IT audit to testing and evaluating the effectiveness of the internal control system.

Advantages of the involvement:

  • All the resources you need are available when you need them—no more needing to bring in a specialist with general knowledge when you need a specialist with specific area of expertise.
  • The highest-performing Deloitte employeescan be selected to perform the work, thereby preventing leakage of keyknowledge and experience.
  • The variable cost model allows you toadjust the scope of your audit depending on the level of risk: internal audit procedures are developed in accordance with your risk profile.
  • A significant item of expenses for the payment of bonuses, benefits and payment for staff training is completely excluded.
  • The quality of the audit is improved by bringing in experts who can provide more valuable and useful information.
  • Travel expenses of the parent company are reduced by attracting foreign specialists with deep knowledge of local specifics and foreign languages.
  • The parent company team can focus on the verification of subsidiaries, while the subsidiary is responsible for preparing for verification through outsourcing and co-sourcing.