RSM Australia

IT audit

There is an increasing demand for specialist IT audit and IT risk management skills to address the changing requirements and demands of today's business enterprises and the increased risk awareness of board members and executive management.

RSM provides specialists skilled in the disciplines of IT governance, IT risk advisory, information security and IT audit, with a view to meeting these demands. We provide services and advice in support of external auditors and in the roles of internal audit, IT risk advisors and as independent consultants to executive management, IT management and business unit managers.

We service organisations in the government and private sectors and operate across all technology platforms and software environments. Our IT risk and audit practitioners understand the risks which may jeopardise the availability, integrity and performance of your business systems and data. Our aim is to provide independent and objective services to identify and measure risk and the effectiveness of your processes and controls and then to assist you in formulating practical remedial measures to mitigate that risk.

IT audit focus areas

  • assessing effectiveness of processes/controls in the IT environment/infrastructure
  • assessing the effectiveness of processes/controls addressing specific business systems
  • assessments focused on specific risks
  • assessments of third party organisations (performance against contract, SAS70 reviews)
  • audits and pre-certification reviews for a range of standards applicable to today's IT environments (eg ITIL, COBIT, PCI, ISO/IEC 31000, ISO/IEC 20000, ISO/ IEC 27001)
  • information management and data security 
  • vulnerability assessments (WAN, LAN, internal and external threats)
  • IT governance (business reliance on IT, performance, accountability, return on investment, effectiveness in servicing the business requirements)
  • IT project governance (involvement in projects for the purposes of assessing project governance and ensuring compliance with methodology)
  • pre- and post-implementation reviews 
  • benefits realisation reviews and assessment of return on investment 
  • maturity assessments and modeling
  • design and execution of computer assisted audit techniques (CAAT) and data analysis to support
  • investigations, evidence gathering, audits and other reviews requiring high volume, objective data analysis 
  • business impact assessments, recovery strategy selection, assistance with the development
  • and implementation of disaster recovery plans and business continuity plans
  • assisting in the establishment and implementation of organisation-wide specific IT control frameworks such as COBIT (the international Information Systems Association of Certified Auditors product) and ITIL

Recent AML/CTF Updates: A KYC Game Changer

24 October 2016
Fundamental changes to how reporting entities collect ‘Know Your Customer’ (KYC) information

Our services to the local government sector

10 October 2016
RSM has a long history, both in Australia and overseas, of providing a wide range of value added services to local government. Challenges facing Councils and Councillors continue to increase, driven by greater community expectations, regulatory changes, and enhancements to governance structures, amalgamations and restructures.

The importance of risk management in today’s digital business environment

28 May 2015
Businesses must put the right security and processes in place to remain safe and sustainable, particularly in today’s changing business environment. There are many factors to consider from a risk perspective, and getting it right is critical. However, these steps do not require complex solutions in all cases, just diligence and attentiveness to the risks.