IT Audit & Assurance Services
Our IT Audit and Assurance services help the organisation improve the technology risk framework and provide deep insights into technology risks for senior management executives supporting their business decisions. Our risk-based approach covers a wide range of technology advisory and assurance solutions.
Examples of our services include:
- Advisory and consulting services with regards to new legal and regulatory requirements including e.g. DORA or NIS2.
- IT internal audit resourcing, co-sourcing, outsourcing or bespoke models, in line with their business needs.
- IT due diligence. In the event of mergers and acquisitions, we provide deep drill-downs and specific insights on the technology environment to help boards and investors make informed decisions, as part of buy-side or sell-side requirements.
- Third Party Assurance Reports and Service organisations controls reporting. We assist our clients in gaining assurance in line with applicable standards such as AAF 01/06 ICAEW, AICPA SSAE18 or ISAE 3402 (referred as SOC1), or AICPA AT101 (SOC2 or SOC3), or ISAE 3000. Our services cover design (Type 1 report) and operating effectiveness (Type 2 report) of controls at service organisations.
- Independent reviews & gap assessments. Our diagnostic assessments help clients understand the control gaps in their IT environment and improve the overall technology risk framework. We cover a range of specific risk areas including cyber security, data privacy, IT strategy and capability, business continuity and disaster recovery, data quality, information governance and data protection/GDPR, against leading industry practices.
- Control optimisation. We help clients evaluate and streamline their existing control frameworks in the organisation.
- Independent project assurance. We can act as an independent advisor to management and project boards for effective implementation of new systems and projects, by identifying and mitigating project risks before they arise.
- Application and Systems reviews. We assist clients in reviewing the business applications to assess the control environment within systems to address specific business or process risks. The review includes access reviews, configurations and setups, master data set up, transactions, and interfaces. Our recommendations are used for enhancing functionality, security, and control environment within applications.
- Privacy and data protection audits, reviews, compliance and maturity assessments
- Data privacy and protection, advisory, compliance and audit
Contact us for a discussion around your particular needs.
Our people
Our specialists hold globally recognised certifications and have experience of working with global standards.