RSM Australia

IT audit

There is an increasing demand for specialist IT audit and IT risk management skills to address the changing requirements and demands of today's business enterprises and the increased risk awareness of board members and executive management.

RSM provides specialists skilled in the disciplines of IT governance, IT risk advisory, information security and IT audit, with a view to meeting these demands. We provide services and advice in support of external auditors and in the roles of internal audit, IT risk advisors and as independent consultants to executive management, IT management and business unit managers.

We service organisations in the government and private sectors and operate across all technology platforms and software environments. Our IT risk and audit practitioners understand the risks which may jeopardise the availability, integrity and performance of your business systems and data. Our aim is to provide independent and objective services to identify and measure risk and the effectiveness of your processes and controls and then to assist you in formulating practical remedial measures to mitigate that risk.

IT audit focus areas

  • assessing effectiveness of processes/controls in the IT environment/infrastructure
  • assessing the effectiveness of processes/controls addressing specific business systems
  • assessments focused on specific risks
  • assessments of third party organisations (performance against contract, SAS70 reviews)
  • audits and pre-certification reviews for a range of standards applicable to today's IT environments (eg ITIL, COBIT, PCI, ISO/IEC 31000, ISO/IEC 20000, ISO/ IEC 27001)
  • information management and data security 
  • vulnerability assessments (WAN, LAN, internal and external threats)
  • IT governance (business reliance on IT, performance, accountability, return on investment, effectiveness in servicing the business requirements)
  • IT project governance (involvement in projects for the purposes of assessing project governance and ensuring compliance with methodology)
  • pre- and post-implementation reviews 
  • benefits realisation reviews and assessment of return on investment 
  • maturity assessments and modeling
  • design and execution of computer assisted audit techniques (CAAT) and data analysis to support
  • investigations, evidence gathering, audits and other reviews requiring high volume, objective data analysis 
  • business impact assessments, recovery strategy selection, assistance with the development
  • and implementation of disaster recovery plans and business continuity plans
  • assisting in the establishment and implementation of organisation-wide specific IT control frameworks such as COBIT (the international Information Systems Association of Certified Auditors product) and ITIL

Catch 22: Digital Transformation and it's impact on cybersecurity | RSM Australia

17 February 2020
Regardless of their digital footprint, any business with a reliance on technology is at risk of cybercrime.

Independence issues for internal auditors

12 February 2020
Internal audits can help organisations understand how well they’re managing their risk, control, and governance processes. Internal auditors don’t just examine an organisation’s financials; they review all aspects of its operations to identify ways to help the organisation improve its performance. 

Audit Office of NSW - Internal Controls and Governance 2019

30 January 2020
In November 2019, the Audit Office of New South Wales (AONSW) released a report summarising sector-wide findings and recommendations relating to internal controls and governance from their 2018-19 financial audits of the 40 of the largest public-sector agencies in NSW.

Audit Committee Guidelines by the Department of Finance

30 January 2020
A good governance is a combination of processes and structures implemented by the Board to inform, direct, manage and monitor the activities of the organisation toward the achievement of the organisation’s objectives. The Audit Committee plays a pivotal role in ensuring good governance by overseeing the organisation’s

Cyberthreats in the healthcare industry: More about people than IT

19 December 2019
Health care companies must train staff to be vigilant around security. 

Top of mind Cyber Security concerns for the financial services industry

26 September 2019
Cyber attacks and data breaches are now commonplace in financial services, more so than in any other industry and becoming the number-one risk concern for executives and directors.  

Assessing Governance - A Critical Step for Successful Change

14 March 2018
Perhaps one of the absolute truisms is that we live in a changing world. 

Recent AML/CTF Updates: A KYC Game Changer

24 October 2016
Fundamental changes to how reporting entities collect ‘Know Your Customer’ (KYC) information

Our services to the local government sector

10 October 2016
RSM has a long history, both in Australia and overseas, of providing a wide range of value added services to local government.

The importance of risk management in today’s digital business environment

28 May 2015
Businesses must put the right security and processes in place to remain safe and sustainable, particularly in today’s changing business environment. There are many factors to consider from a risk perspective, and getting it right is critical.