IT AUDIT SERVICES
Our IT audit services offer you a detailed review of your IT systems to identify IT-related risks and increase the security of your information assets and data. Our experts analyse your IT landscape and check compliance with legal regulations and industry standards. We provide you with detailed reports and recommendations for action to identify and eliminate vulnerabilities and increase the security level of your IT systems.
Rely on our expertise to optimise your IT landscape and reduce risks.
Recognising risks, seizing opportunities - on the safe side with our IT audit.
OUR IT AUDIT SERVICES
IT-AUDIT
Due to the increasing digitalization of accounting-relevant business processes, the IT audit is becoming an integral part of the annual audit as part of a risk-oriented audit approach.
As part of the audit of the annual financial statements, the compliance and security requirements for accounting-relevant IT systems must be analysed and evaluated.
Our IT specialists support you in analysing and evaluating complex accounting-relevant IT systems and carry out a risk-oriented audit in close coordination with you and your audit team.
The kick-off meeting is used for internal audit planning and is intended to create the basis for joint collaboration. This is where everyone involved can share their expectations and requirements for the process.
The test of design audit serves to gain a basic understanding of the IT environment and the IT-supported accounting-relevant business processes.
We assess the design of the IT controls implemented on the basis of available documentation for the identified accounting-relevant IT systems.
As part of the test of effectiveness, we test the effectiveness of the IT controls implemented over the client's respective reporting period on the basis of selected samples.
We also prepare a meaningful management letter with derived and practical recommendations for action based on our many years of experience.
DATA ANALYSIS
Our data analysis enables you to efficiently analyse large volumes of data and gain valuable insights.
We help you to recognise complex correlations and patterns in your data.
With our expertise, we support you in making well-founded decisions, optimising business processes and achieving competitive advantages on the basis of the knowledge gained from mass data analysis.
The increasing digitalization of business processes generates a large number of transactions every day in almost all business areas of an organisation. We use modern analysis software to analyse this raw data and interpret the results.
Using journal entry tests, for example, we can analyse mass transactions within general ledgers and sub-ledgers and identify anomalies in the data. Accounting-related ERP systems generally have a GoBD-compliant interface that enables customised data extraction. Our IT specialists analyse the data on this basis and prepare the results in a way that is appropriate for the target group.
The tax authorities have the right to audit financial documents created with the help of an IT system and required to be retained in accordance with Section 146 (1) AO by accessing the data. In these cases, the tax authorities can request three possible forms of data provision. A frequently used form of provision in practice is the so-called data carrier transfer (Z3). In this case, the taxpayer must extract from his ERP system and make it available to the tax authority on a data carrier. In practice, it is often unclear which audit steps are carried out.
With our tax audit simulation, we can simulate a tax audit by carrying out various audit steps frequently used by the tax authorities on the basis of the data extracts provided from the ERP system. We use the same analysis software that is also used by the tax authorities. This allows you to counter possible surprises and potential risks of a tax audit in advance.
With the help of forensic analyses, we examine your company's data for possible white-collar crime incidents or actions. In practice, there are usually concrete grounds for suspicion that make forensic analyses necessary. White-collar crime can be analysed through digital traces left behind by the perpetrators using modern analysis software. As part of a comprehensive case analysis, perpetrators must be identified, evidence secured and possible damage assessed. The data on which the analysis is based can come from various IT systems.
SOFTWARE CERTIFICATE (IDW PS 880)
For manufacturers of accounting-relevant software or ERP systems, the software certificate (IDW PS 880) is an essential quality feature.
The basis for issuing a software certificate is audit standard 880 of the Institute of Public Auditors in Germany (IDW).
A current software certificate is a decisive selection criterion, particularly when acquiring new customers. In practice, software certifications in accordance with IDW PS 880 are often used by potential customers as a selection criterion for accounting-related software in order to obtain external proof of the correctness and security of the software.
The aim of the software audit is to assess with sufficient certainty whether the software product fulfils legal and regulatory requirements in particular when used properly. The specific underlying requirements and the scope of the audit are jointly defined in the engagement agreement.
In the case of software related to accounting or the internal control system, these are in particular
- The generally accepted accounting principles and the associated requirements for the correctness and security of accounting-related programme functions as well as
- regulatory requirements for accounting and the internal control system.
The software as a whole or individual modules thereof can be the subject of a software audit.
- Recording of the software product to be audited and the software development environment
- Checking that the process documentation is complete and up to date
- Assessment of the software development procedure including the software maintenance, testing and release procedure
- Examination of the appropriateness of the programme functions required for the software product's area of responsibility (set-up examination) and the meaningfulness of the relevant procedural documentation
- Examination of the proper technical implementation of the programme functions deemed appropriate (functional test)
- Reporting and issuing a software certificate
