IT audit

Organisations continue to face the difficulty of knowing which fundamental technology (IT) controls should be in place to protect their business data and IT systems

Information technology audit (IT Audit)

With rapid changes in technology across a magnitude of industries, organisations continue to face the difficulty of knowing which fundamental technology (IT) controls should be in place to protect their business data and IT systems.

An information technology audit from RSM is effective and affordable point-in-time assessment of the organisation’s internal IT control and IT risk management practices.

RSM can conduct these reviews with the intent of identifying any control gaps against known information technology and information security better practices, which may lead to the compromise of organisational data, or a disruption of services.

RSM Information and user Data privacy services


Darren Booth

E: [email protected]
T:+61 3 9286 8158

How can we help you?

 Locate nearest office

Information and Data Privacy services

In today's information-driven business environment, organisations must continually evaluate their ability to protect information assets.

An IT Audit is suitable for any organisation who wishes to risk assess their current information assets against known information technology and information security better practices and determine what data integrity, client and server changes as well control and procedural changes they can implement to make technology infrastructure more secure.

Effective IT audit can help organisations not only improve internal controls and security but also achieve their IT systems and applications goals and objectives.

Have a question about workplace health and safety laws? We can assist

Who needs this?

RSM provides specialists skilled in the disciplines of IT governance, technology risk advisory, information security and IT audit - from services and advice in support of external auditors, internal audit, IT risk advisors and as independent consultants to executive management, IT management and business unit managers.

Overview of information technology audit services

The IT internal audit seeks to evaluate the organization and provide our clients with a sound understanding of how they are meeting better practices in the following key areas of focus:

Contact a workplace assurance specialist
  • Assessing the effectiveness of processes/controls addressing specific business systems development
  • Assessments focused on specific risks
  • Assessments of third party organisations (performance against contract, ASAE 3402, CPS 234)
  • Audits and pre-certification reviews for a range of standards applicable to today's IT environments (ITIL, COBIT, PCI DSS, ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017, ISO/IEC 27018)
  • Information management and data security
  • Vulnerability assessments (WAN, LAN, internal and external threats)
  • Identity and access management, privileged access allocation and the monitoring of account activity
  • IT governance (business reliance on IT, performance, accountability, return on investment, effectiveness in servicing the business requirements)
  • IT project governance (involvement in projects for the purposes of assessing project governance and ensuring compliance with methodology)
  • Pre- and post-implementation reviews
  • Benefits realisation reviews and assessment of return on investment
  • Maturity assessments and modeling
  • Design and execution of computer-assisted audit techniques (CAAT) and data analysis to support
  • Investigations, evidence gathering, audits and other reviews requiring high volume, objective data analysis
  • Business impact assessments, recovery strategy selection, assistance with the development and implementation of disaster recovery plans and business continuity plans
  • Assisting in the establishment and implementation of organisation-wide specific IT control frameworks such as COBIT (the international Information Systems Association of Certified Auditors product) and ITIL
  • IT general controls assessments on IT security policies and security management procedures, logical access, change and release management, IT physical and environmental security, incident and problem management, and disruptive conditions to disaster recovery and backups.

RSM offers Workplace assurance advice

3 tips to protect your government agency from a ransomware attack

23 September 2021
Are you scared of being a victim of ransomware?

Five considerations for boards to improve data privacy

3 July 2020
Data privacy awareness and compliance are crucial to handling emerging threats, and are fast becoming a major area of consideration among organisations and individuals.

Business has changed again - is it time to update your business systems?

14 April 2020
Many businesses were planning to put 2019 behind them and were looking forward to 2020 with some optimism.  However, with the impact COVID-19 being felt by all, the first quarter of 2020 has not gone to plan.

Home office security essentials and tax deductions during COVID-19

26 March 2020
To minimise the spread of COVID-19, businesses across the globe are hurrying to implement remote working for employees.

South Pacific and Asia Conference 2020 (SOPAC®)

2 March 2020
Darren Booth, National Head of Security and Privacy Risk Services at RSM Australia, will be presenting at the upcoming South Pacific and Asia Conference 2020 (SOPAC®) on 'The latest news in cyber security'. This presentation will cover the following:

Catch 22: Digital Transformation and it's impact on cybersecurity | RSM Australia

17 February 2020
Regardless of their digital footprint, any business with a reliance on technology is at risk of cybercrime.

Independence issues for internal auditors

12 February 2020
Internal audits can help organisations understand how well they’re managing their risk, control, and governance processes. Internal auditors don’t just examine an organisation’s financials; they review all aspects of its operations to identify ways to help the organisation improve its performance. 

Audit Office of NSW - Internal Controls and Governance 2019

30 January 2020
In November 2019, the Audit Office of New South Wales (AONSW) released a report summarising sector-wide findings and recommendations relating to internal controls and governance from their 2018-19 financial audits of the 40 of the largest public-sector agencies in NSW.

Audit Committee Guidelines by the Department of Finance

30 January 2020
A good governance is a combination of processes and structures implemented by the Board to inform, direct, manage and monitor the activities of the organisation toward the achievement of the organisation’s objectives. The Audit Committee plays a pivotal role in ensuring good governance by overseeing the organisation’s

Cyberthreats in the healthcare industry: More about people than IT

19 December 2019
Health care companies must train staff to be vigilant around security. 

Top of mind Cyber Security concerns for the financial services industry

26 September 2019
Cyber attacks and data breaches are now commonplace in financial services, more so than in any other industry and becoming the number-one risk concern for executives and directors.  

Assessing Governance - A Critical Step for Successful Change

14 March 2018
Perhaps one of the absolute truisms is that we live in a changing world. 

Recent AML/CTF Updates: A KYC Game Changer

24 October 2016
Fundamental changes to how reporting entities collect ‘Know Your Customer’ (KYC) information

Our services to the local government sector

10 October 2016
RSM has a long history, both in Australia and overseas, of providing a wide range of value added services to local government.

The importance of risk management in today’s digital business environment

28 May 2015
Businesses must put the right security and processes in place to remain safe and sustainable, particularly in today’s changing business environment. There are many factors to consider from a risk perspective, and getting it right is critical.