Information Technology Audit
Evaluate controls related to IT
In today’s complex business environment, organisations are constantly challenged with an increasing number of information technology risks, including security threats, regulatory and legislative compliance.
To support business objectives and demonstrate compliance, organisations must implement and maintain a reliable IT control environment.
How Deloitte can help?
Deloitte can assist boards and senior executives to better understand and manage their current Information Technology risks, by providing independent and expert IT control assessment and design tailor-made recommendations to align IT controls with industry standards, regulatory requirements and best practices:
- Ad-hoc IT Audit – flexible and collaborative approach to support an organisation’s Executive Management or specific function (e.g. IT, Internal Audit, etc.) where we provide advice, leading practices, and experienced professionals with industry and specialised capabilities
- Independent Assurance for Service Organisations – SOC 1, SOC 2 and SOC 3 third party assurance reports issued under ISAE 3402 / SSAE 16 or ISAE 3000 standards can assist service organisations to demonstrate IT compliance to third parties
Deloitte proposition overview
- IT Audit – Evaluate the design and effectiveness of IT general computer controls related to business software, IT technical environment, as well as maturity of the various IT processes
- Audit of Segregation of Duties – Evaluate the design and effectiveness of application security and controls, strengthening business controls and processes, and improving segregation of duties (T24, Olympic, SWIFTAlliance, SAP, PeopleSoft, etc.)
- Service Organisation Control (SOC) reports including ISAE 3402 / SSAE 16 examinations as well as SOC 2 & SOC 3 reports
- Audit of Systems Migrations – Evaluate the design and effectiveness of test plans and data conversions performed as part of major upgrade or software transformation
- Data Analytics – Obtain and evaluate data in order to identify areas of key risk, fraud, errors or misuse; improve business efficiencies; and verify process effectiveness