IT Audit and Assurance

Transforming IT Internal Audit


The IT environment is growing more complex by the day. Rapidly changing technologies, increasing demand for IT services among business units, and the continual expansion of the “extended enterprise” all translate into greater IT risks for most organizations.

As organizations invest heavily in new technology, their internal audit groups face the expensive, time consuming task of keeping their own technical skills current and the challenge of recruiting properly trained staff. This situation is made more critical by the increased need to depend on the integrity of the information produced by their systems.

The IT Internal Audit and Compliance functions are tasked with keeping tabs on these risks.

  • So, how do you address the expanding IT Audit needs of your organization with limited resources?
  • What additional IT Audit skills do you need for specialized areas, such as security and privacy?
  • With the growing importance, prevalence and diversity of IT systems, what additional resources do you need to keep up?
  • How is your organization responding to these fluid issues?

Deloitte can perform audits as part of co-source, outsourced or individual projects as well as based on staff augmentation model for a specified duration.

Areas that Deloitte can assist include:

  • IT Internal Audit Transformation.
  • IT Risk Assessment and development of risk based IT IA plan.
  • IT Internal Audit Function Diagnostic review per IIA standards.
  • Execution or QA / SME support for IT audits.
  • Capacity Building Training.
IT Audit and Assurance

Our Services Portfolio

Deloitte has services that can help clients assess:

Core Risks

Advanced Risks

Emerging Risks

  • IT General Controls
  • IT Service Management
  • Application Controls
  • Segregation of Duties
  • Security Configuration
  • Vulnerability Assessment
  • Application Discovery
  • Physical Security
  • IT Governance
  • IT Risk Management (ITRM)
  • IT Outsourcing and Third Party Risk
  • Application Utilization
  • ERP GRC Technology
  • Software Asset Management Process
  • Software License Baseline
  • Project Risk
  • End User Computing
  • Security Governance and Management
  • Penetration Testing
  • Identity & Access Management
  • Data Conversion & Migration
  • Data Quality & Integrity
  • Data Governance & Management
  • Business Continuity Management
  • IT Disaster Recovery
  • Privileged  Access Management (PAM)
  • Cloud Computing
  • Virtualization
  • Social Media
  • Digital Programs
  • Data Privacy & Protection
  • Mobile Device Security
  • Web / Mobile Application Security
  • Secure System Development Lifecycle
  • Industrial Controls Systems (ICS) Security
  • Sustainable IT
  • Covert Operations
  • Security Incident & Event Management
  • Crisis Management & Communications

 In addition, we have experience in developing and delivering IT Audit and risk management training to many of our clients. This training can be used by you to develop core IT risk competencies or as a cost effective solution to providing your team with exposure to specialists with specific technical skills.

Why Deloitte

Deloitte is a leader in IT Internal Audit services both in the Middle East and globally. We have distinct advantages in IT through:

  • Local team of 100+professional and access to a global team of ITIA professionals, including IT subject matter specialists in a variety of technologies and risk areas
  • The ability to bring in IT specialists as circumstances arise or business needs change. This gives clients direct access to the wide-ranging IT capabilities of subject matter specialists virtually anywhere in the world
  • A demonstrated IT IA approach that has been honed over the years in some of the most demanding environments in the world with tools and methodologies that may accelerate IT audit
  • Access to leading practices and the latest IT thought leadership on audit trends and issues.


Deloitte practice highlights

Resources - We have a team of over 100 cyber & technology risk professionals within the ME and over 10,000 globally.

IIA IT Audit curriculum - The Institute of Internal Auditors selected Deloitte as the sole source to provide IT Audit training for its 100,000 members. We continue to deliver these programs locally.

Specialists - In addition to our unique market position of having retained our consulting business, we have significant experience of implementing technology solutions rather than simply delivering assurance or assessment reports, giving you access to technical experts who can understand the design and implementation of technical controls.

Certifications –Most of our professionals maintain one or more certifications, suchas CA/CPA, CIA, CISA, CISM, PrinceII, and CISSP.