IT audit in a digital world:
The digitization of the world today is leading to massive use of IT systems, which in turn is leading companies to be increasingly careful about the data stored and the reliability of the systems on which data is transmitted. It goes without saying that securing data is essential. This is why financial auditors call on experts in the field of information systems auditing to assist the certification of accounts.
Where does IT audit come from?
The IT audit profession was developed when the American Sarbanes-Oxley Act and the French Financial Security Act were introduced in 2003.
What is an IT audit?
The aim of an IT audit is to identify and evaluate the risks associated with a company's IT activities.
The IT audit ensures that there are controls in place to control the IT activity, namely:
- IT organization
- IT operations
- IT security, etc.
An IT audit consists of several stages:
- Control of the IT organization
- Review of general IT controls
- Review of application controls
Financial audit and IT audit: What is the link?
The IT audit will enable the financial auditors to ensure the completeness and quality of the data passing through the information system.
Indeed, the conclusions of the IT audit will allow the financial auditors to define the sample size and to reduce (or not) the proportion of substantive controls.
In Switzerland, financial auditors rely on the Swiss Auditing Standards (NAS). PS 401 provides guidance on audits in the information and communication technology environment.
The use of information technology brings changes in the processing, storage, and communication of financial information.
Within the framework of an IT audit, we will analyze, control and ensure the optimization of information systems while guaranteeing the quality of the information transmitted.
In addition to supporting legal missions, the IT audit will enable the identification of failures and risks linked to the information system. It will also provide a set of recommendations in line with good practice standards in IT management and the implementation of an action plan for IT security management.
The IT audit can be carried out in a number of ways, including
- Audit of the company’s IT function,
- Audit of IT projects,
- Audit of IT applications,
- Audit of the security of information systems,
- Etc.
For further information, do not hesitate to contact us.
You can also find our IT audit offer by clicking here.