IT & Audit Assurance

To enable the sustainable growth of an organisation, it is essential to increase the transparency, relevance, and value of information on business performance disclosed to the market, investors and regulators.

Deloitte’s IT and Audit Assurance services provide clients with audit analytics to extract insights from data, specialised technology audits of security and controls, and third-party readiness and verification to manage extended enterprise risks.

Our Services

By teaming with, or serving as, the internal audit function, we make improvements in internal control and process efficiency and contribute to effective regulatory compliance. We provide input about the strategy, purpose, resourcing models, and technology of established internal audit functions.

With increased IT corporate governance concerns, security threats, data quality issues and privacy legislation, organisations need to ensure the integrity, confidentiality and availability of information and the underlying systems. Our IT Assurance services focus on the identification and mitigation of risks affecting internal systems, business processes, projects, applications, data and third parties.

We leverage frameworks and standards such as ITIL, COBIT, ISO/IEC 27001:2013 and COSO Internal Control together with Deloitte proprietary tools to identify control weaknesses or gaps and to make implementable recommendations.

Banking information is some of the most important information to keep private. That is why recent high-profile cyber-attacks on customers using Society for Worldwide Interbank Financial Telecommunications (SWIFT) are so significant. 

We can help you to navigate the factors associated with implementing SWIFT's Customer Security Controls Framework (CSCF)  as well as address SWIFT dependencies and ultimately disrupt through innovation.

In the modern world, the question of information security is one of the most important factors of competition. TISAX acceptance in the individual sectors has been addressed in the automotive industry, where massive amounts of data are created and exchanged across the automotive industry throughout the entire lifecycle. Suppliers and/or service providers for the automotive industry need to ensure customers that they keep their information secure.

We address regulatory and marketplace demands to manage third-party risk through our third-party optimisation services. We can provide both parties of the customer/vendor relationship with an objective report of the control environment, making it applicable for different purposes. 

We help clients manage extended enterprise risk by conducting independent assessments of the organisation’s control procedures to ensure that the existing controls/processes meet management objectives and to demonstrate control effectiveness to customers and their auditors through independent reporting. 

One of the most effective ways a service organisation can communicate information about its risk management and internal controls is through a service audit report, which covers IT, financial and/or business processes.

Currently, there is a wide selection of service audit reports to choose from, such as ISAE 3402, SSAE 18, SOC 1, SOC 2 and SOC 3. All the reports differ in terms of the scope of control evaluation as well as the provided level of assurance and can be issued as of a specific point in time or covering a defined period. At Deloitte, we prepare all of the above-mentioned reports and help our clients with selecting the right report to cover their needs and maximise the effectiveness of the cost, timeliness and obtained level of assurance.

Given the increasing need for electronic payments regulatory harmonization and to implement consumer protections the EU has introduced the Payment Service Directive 2 – PSD 2. The focus is on improving transparency and security. It requires to inform the costumer on conditions and required information for payment services. Additionally, it calls for strict security requirements in order to protect the costumer’s financial data and to lessen the risk of fraud. This directive significantly affects payment providers, requiring the sector to lean a new way of entering payments.

Contact us

Martin Kubačka

Martin Kubačka


Martin is a Partner in the Risk Advisory department of Deloitte in the Czech Republic. He leads the Operational Risk offerings, including data privacy, regulatory compliance, GRC, extended enterprise ... More