IT Audit
However, IT permanently bears new risks related to the security, reliability, confidentiality and availability of systems and information. Furthermore, increasing requirements to comply with laws and regulations or contractual commitments regarding governance and internal control challenge companies.
At Mazars, we will help bringing your risks under control. Because important financial information is also held in your IT systems, they have to be audited as well. An IT (EDP) audit will assess whether this information is reliable and help that any risks within these systems can be managed.
We have a team of highly qualified IT auditors, including ERP (Enterprise Resource Planning) and IT security specialists. They have years of experience and knowledge of a wide range of IT system (SAP, Microsoft Dynamics, etc.). We employ Certified Information Systems Auditors (CISA) who are registered with the ISACA, the international body of IT auditors.
As part of our services we:
- Analyse your IT systems,
- Advise on IT risks and security,
- Give recommendations on reorganization and/or reconfiguration of your systems and processes,
- Evaluate your internal IT controls, e.g. those ensuring compliance with the French Financial Security Law (LSF) and Sarbanes-Oxley (SOX) in order to support you in meeting national and international regulatory requirements.
We work to improve your technology and security by:
- Assessing your logistical and technical security according to international or industry standards (ISO 27001, etc.),
- Analysing data produced by information systems by applying data analysis software,
- Evaluating IT functions,
- Creating a disaster recovery and business continuity plan.
In terms of internal IT audit services, our offers range from
- Cosourcing: Performing particular assignments in partnership with our client’s internal audit departments to
- Outsourcing: Taking over the complete internal IT audit function.
Further services in the field of IT audit are IT project reviews and support for software selections.
For IT service organizations, we propose services according to the internationally accepted auditing standard SAS 70 (Type I / Type II) in order to provide a certificate of an effective system of internal controls.