Are technology controls managing your financial reporting and business risks?
With technology increasing in sophistication and complexity and becoming ever more critical to your business. To maintain assurance over the financial and operational risks you face and to meet your external audit responsibilities, a strong, effective IT Audit review is growing increasingly important.
We provide qualified expert resources to undertake IT Audits and data migrations, including expert guidance/recommendations on information risk management and requirements of the IT
IT Audit: Our IT audit specialists are trained to operate alongside our financial auditors to add value to BDO Audit Methodology. This includes a review over the IT General Controls (ITGCs), automated application & business processing controls, batch processing risks and BDO’s data analytics solutions (using tools such Qlik, IDEA, and SQL scripting). Our IT Audit typically includes:
- Access Management: we provide an evaluation of authentication and identity management controls, deployment of tools to assess segregation of duties across systems or databases and review of privilege users.
- Project and Change Management: we provide an assessment of your technology strategy, the quality of the functional or technical specifications, stakeholder engagement, project governance, project planning, financial management, change management control process, data migration, testing plans, training approach, cut-over to ‘business as usual’ and management of 3rd parties. We tailor our IT audit or health-check to focus on the key challenges or risks facing the in scope IT application(s) or transformation programme.
- Application Level Risks: Our specialists in SAP, Oracle, Navision, SAGE and other systems can tailor specific reviews to cover user commissioning, evaluation of roles & permissions, automated controls or system embedded workflows, change management, interface management. We can deploy security tools and data analytics to aid the quality of the outputs.
- Computer Operations: Our specialists can assess the quality of your incident management process, disaster recovery plans, backup arrangements, testing and recovery approach.