IT audit

Businesses are increasingly reliant on technology, which creates opportunities as well as risks. As the regulatory environment grows in complexity, companies must ensure their IT systems are secure. Our IT assurance and advisory specialists can work with you to improve your overall technology risk framework.

Our approach

Digital transformation has created significant efficiencies for companies, opened up new business opportunities, and in many cases helped to drive growth. But as IT systems become more and more complex, it is critical that companies are aware of the potential risks they face. These include cyber security threats, data leaks, system disruption and potential non-compliance with regulations in the event of a failure.

At Forvis Mazars, our IT assurance advisors take an integrated, risk-based approach to provide deep insight into technology risks for boards, audit committees and senior management executives. We offer extensive sector experience across a broad spectrum of technology consulting and assurance solutions, covering cyber security, data protection, data management, IT audit, IT operations and forensic technologies.

Our focus is on providing you with a solution that works for you and your organisation:

• Working with your audit professionals to provide assurance in the technology environment used for financial reporting and related internal controls over financial reporting.
• Improving confidence in technology-dependent internal controls as a result of business growth.
• Assessing and minimising technology risks within existing technology frameworks and new business initiatives, such as implementing new technologies or launching new products or services.
• Providing insights on key technology challenges and future trends.

We are able to assist with the following services:

• IT internal audit resourcing. We work with our clients to achieve their internal audit objectives through co-sourcing, outsourcing or bespoke models, in line with their business needs.
• IT due diligence. In the event of mergers and acquisitions, we provide deep drill-downs and specific insights on the technology environment to help boards and investors make informed decisions, as part of buy-side or sell-side requirements.
• Service organisations controls reporting. We provide independent assurance on the controls implemented by service organisations providing services to user organisations. Service organisations demonstrate their internal control environment for gaining business confidence from their existing or prospective customers. We assist our clients in gaining assurance in line with applicable standards such as AAF 01/06 ICAEW, AICPA SSAE18 (supersedes SSAE16) or ISAE 3402 (referred as SOC1), or AICPA AT101 (SOC2 or SOC3), or ISAE 3000. Our services cover design (Type 1 report) and operating effectiveness (Type 2 report) of controls at service organisations.
• Diagnostic assessments. Our diagnostic assessments help clients understand the control gaps in their IT environment and improve the overall technology risk framework. We cover a range of specific risk areas such as cyber security, data privacy, IT strategy and capability, business continuity and disaster recovery, data quality, information governance and data protection/GDPR, against leading industry practices.
• Control optimisation. We help clients evaluate and streamline their existing control frameworks in the organisation.
• Independent project assurance. We can act as an independent advisor to management and project boards for effective implementation of new systems and projects, by identifying and mitigating project risks before they arise.
• Application reviews. We assist clients in reviewing their business applications to assess the control environment within systems to address specific business or process risks. The review includes access reviews, configurations and setups, master data set up, transactions, and interfaces. Our recommendations are used for enhancing functionality, security, and control environment within applications.

We employ Institute of Internal Audit (IIA) standards in the performance of our internal audit assignments and ISACA (COBIT), Prince 2 (project management) and ISO27001 (security). As members of the IIA and ISACA, these standards form a core part of our IT and security audit methodology. We understand how to apply and these standards in practice rather than just theory. 

Our team includes chartered accountants, system engineers, infrastructure specialists, CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CFIP (Certified Forensic Investigation Practitioner). We employ a specialist team of SAP auditors.

We maintain an internal IT and security audit testing lab facility within Forvis Mazars and all staff are required to spend 30% of their time in training and the use of this facility and ensuring that their technical knowledge and practical IT and security audit skills remain current and reflect best practice.

Services include:

• Outsourced IT audit
• Co-sourced IT audit
• External IT audit support
• Data analysis and interrogation
• IT audit and security
• IT infrastructure audit
• Penetration testing and vulnerability scanning
• IT risk management
• IT forensic support
• Data protection audit
• Third-party standard compliance audit

Got a question? Just get in touch

Join our mailing list

We have insights into developments that affect your business. We can provide you with unique perspectives and thoughtful solutions so you can meet new challenges and seize opportunities.

Subscribe here