Paper documents are a thing of the past. So it is no surprise that annual audits, tax audits or internal audits also rest to a large extent on IT-supported business processes, IT applications and IT infrastructure. The IT system audit, also referred to as IT audit, is an integral part of a risk-orientated auditing approach in the audit of annual financial statements. dhpg offers you an expert audit performed by experienced certified auditors. The advantage for you? High-quality, reliable data on the company's information processing system for the annual audit with less audit work for the annual audit team. In addition, our experience enables us to provide you with feedback on the actual reliability and security of the IT systems of the companies to be audited. This is a benefit that is also available to you with other auditing services.
For more than 75 years now we have been supporting owner-managed and family-run SMEs in auditing their annual financial statements in accordance with the standards laid down by the Institute of Public Auditors in Germany (IDW) and, since 2023, the International Auditing Standards Board (IAASB). We have special expertise where information technology and auditing interface with one another. Every audit team is supported by experienced IT advisors and data analysts. This not only provides an efficient auditing framework - it also helps company management get traction going forward.
Our trained IT auditors are at home in both IT and auditing. Our ISA [DE] 315 auditing standard is also a standard that combines both disciplines. This allows us to carry out targeted IT audits, providing you with information that translates into tangible benefits for you and your IT.
No manager, no executive is a jack of all trades. Our IT auditors make things transparent for management by providing an objective overview. They shed light on areas where action is needed, thus shielding you from unnecessary security and liability risks as well as down times.
As an auditing, legal and tax consultancy firm, IT security is part of our DNA. Our IT auditors not only take a close look at proper accounting in the IT audit - they also scrutinise data protection and the IT security protecting your IT infrastructure.
Would you like to obtain more information or arrange a personal meeting? We would be glad to arrange an appointment with you - no strings attached - so that we can get to know each other. We look forward to your call or e-mail and to hearing from you.
The IT audit is an original component of an annual audit in accordance with the International Standard on Auditing [DE] 315 (Revised 2019) (ISA [DE] 315 for short) and also of the audit of a company's internal control system. The IT audit thus looks for possible mistakes and risks in the accounting. Beginning at a certain level of complexity of the IT system at the company being audited, an IT audit has to be carried out by the auditor as an element of the audit of the financial statements in accordance with generally accepted auditing standards. The following item are generally explored in an IT audit:
If the company has decided to outsource data or services – and IT services are often functions that are outsourced – the service provider's control system must also be included in the IT audit.
dhpg always performs an IT system audit whenever the auditors come across a complex IT infrastructure and business processes. Which is probably the case at almost every company these days. Moreover, for compliance or competitive reasons, it is necessary for many companies to map both business and archiving processes digitally. On top of this, there are the challenges posed by a digitalised business and working world, such as remote working or mobile working by management and staff with changing locations, or the challenge of no longer working exclusively in the office. All of this means that IT systems are becoming increasingly complex and therefore more prone to failure. The IT audit helps to identify potential risks and develop a strategy with the company to cope with these IT risks. Our IT auditors are specially trained IT audit specialists. Thanks to their experience from auditing and certifying many enterprises as well as their process knowledge, they can quickly analyse and grasp interrelationships in the data, IT infrastructure and business processes and make further recommendations on steps to take.
Definitely. dhpg's IT auditors are experienced and certified specialists who usually have degrees in computer science or business informatics or are additionally trained as CISAs (Certified Information Systems Auditors). In a comprehensive audit, our auditors examine the IT system and its interfaces, authorisation systems, the internal control system in place, but - and this is even more important - they also look at the control system employed by service providers commissioned by the client to provide outsourced services.
dhpg also offers its clients the opportunity to test their own infrastructure using a vulnerability test - also referred to as a penetration test. In this function, the IT auditor plays the role of an external attacker, attempting to find gaps where the company's IT structure is not adequately protected. A risk profile is then produced for the company and practical recommendations are made on how security gaps can be closed going forward.
IT auditors explore a whole range of IT infrastructures in their work, audit these in the context of the annual audit in accordance with the standards laid down by the International Auditing Standards Board (IAASB), but can also issue software certificates with an auditor's certificate from the Institute of Public Auditors in Germany (IDW). The major advantage of an audit by an IT auditor is that they assess IT systems as such to determine whether they are functioning properly, i.e. program and control functions, controls and authorisation systems. In addition, an IT auditor is able to analyse how each IT system works together with the accounting system. This is precisely where we often come across some sticky wickets: Even reputed auditors focus exclusively on the IT system and do not place it in the context of the accounting regulations to be observed.
Certifications are common practice in many sectors of the economy. They are regarded as standards vouching for quality and trust in the case of tenders. Many such system certifications can be performed by auditors or IT auditors. We have summarised which certifications auditors provide on a separate page.
The IT audit and IT consulting comprise all services relating to the use of IT systems as part of an audit of the annual financial statements. The IT system audit in accordance with the ISA [DE] 315 standard is an integral part of the audit of financial statements and adopts the risk-oriented audit approach. The IT audit goes above and beyond the requirements of the annual audit, however. The IT audit system can help companies when launching new software, installing cloud computing, outsourcing services or complying with guidelines such as KRITIS and the Generally Accepted Principles for Proper Accounting and Retention of Books, Records and Documents in Electronic Form as well as Data Access (GoBD). Would you like to have your system audited or certified, or do you need more information? Don't hesitate to get in touch with us.
Contact form 
+49 228 81000 0