Business processes in companies today are no longer implementable without information technology (IT). Their reliability and regularity are among the essential factors for economic success and continuity of service delivery. Trust, availability and integrity of the data generated by the business processes are the basis for reliable as well as proper IT-supported bookkeeping.

Within the scope of individual and group financial statements, we conduct IT audits in order to assess the compliance of the accounting-related IT and thus to be able to make a risk assessment with regard to the audit of the annual or group financial statements. The focus here is on the so-called General IT Controls (GITCs) as well as the application checks "anchored" in the applications.

GITCs are basically divided into the areas of

  • IT organisation
  • Procurement, development and maintenance
  • Logical access protection
  • IT operation

The focus of the annual financial statements audits and group financial statements audits is particularly on the area of "procurement, development and maintenance" as well as logical access protection. Application checks to be audited are identified by the audit team during the process and monitoring survey.

Voluntary special audits

We also conduct voluntary special audits other than audits of financial statements, using the same methodological approach. The extent and focus of the audit are individually coordinated with you. In particular, we can subject authorisation concepts, data migrations in ERP system conversions or IT development projects to detailed investigation and provide confirmation services.

Audit of outsourced services

If essential parts of the accounting-related IT are outsourced to a service provider, it is advisable for the service provider to commission an ISAE 3402 report. This can be presented to the independent auditor of the service provider's customers and confirms the regularity of the service provider's internal control system. We perform the audit of the service-related internal control system (DIKS) for service providers and report in accordance with ISAE 3402 Type 1 or Type 2.