Audit of the Information System

IT audit and information system security checks involve identifying and analyzing potential risks and mitigating or completely removing them, in order to preserve the operation of the information system and of the organization as a whole.

Audit, review and evaluation of IT systems

The IT audit evaluates IT system management, its compliance with corporate governance, vision, mission and objectives of the organization and with the regulatory requirements.


The aims of IT audit, review and evaluation of IT systems:

  • Systematizing, improving and merging business procedures, and including business information in the information system
  • Identifying risks and weak points, so that solutions can be defined for placing controls over processes supported by information technology
  • Speeding up the business information collection process
  • Centralising the control system and eliminating bottlenecks in the flow of information through the IS
  • Fulfilling regulatory obligations
  • Reducing IT-related costs because they represent a significant proportion of the organization's total costs
  • Ensuring confidentiality, integrity and availability of information
  • Rating the ERP system before and after implementation
  • Harmonizing IT rating and IT strategy
  • Achieving standards in IT management.


Deloitte approach:

  • Testing logical and physical security controls
  • Testing IT operations
  • Testing disaster recovery procedures
  • Testing business continuity
  • Data integrity assessment (process assessment, identifying controls...)
  • Assessment of controls over critical system platforms, network and physical components, and IT infrastructure that supports relevant business processes
  • Overview of IT strategies
  • Overview of IT organization (organizational structure, guidance...)
  • Overview of IT processes (helpdesk, service management, application management supervision).


IT Audit Methodology:

  • COBIT, ISO 27002
  • Central bank regulations (Republic of Serbia, Bosnia and Herzegovina, Montenegro)
  • Deloitte’s methodology.


Activities when conducting the audit:

  • Interviews with business users and IT employees
  • Analysis of documentation and checking the adequacy of control design
  • Testing the operational efficiency of controls
  • Checking automatic (software) controls.



Detailed description of the conducted IT review – GAP analysis, according to control objectives with the description of control objectives, findings and recommendations for improvement in accordance with best practices

  • Reliable IT controls and risk management capabilities
  • Reliable Information Management
  • Improved data availability and integrity
  • Improved ability to enter new markets
  • Improved reputation
  • Long-term savings
  • Increased revenues.


Types of engagements:

  • Externalized internal IT audit
  • External IT audit with system rating
  • Assessment of the maturity of the information system relative to industry benchmarks.

Design of IT audit methodology and IT audit programs

Deloitte can help you develop an IT audit methodology that is tailored to the needs and architecture of your information system in accordance with best practices.

Information system risk assessment and strategic planning of internal audits of the information system

Deloitte can help you conduct information system risk assessments and identify critical areas that should be subject to internal review. The results of the review can be used to develop strategic and annual internal audit plans.