IT audit along with as well as outside the annual audit

Efficient and target-orientated IT audit
IT audit along with as well as outside the annual audit

IT audit: scrutinising IT-supported financial reporting and processes

Paper documents are a thing of the past. It is therefore inevitable that an annual audit, a tax audit or an internal audit will also involve significant elements of IT-supported business processes, IT applications and the IT infrastructure. The IT system audit or IT audit is an integral part of a risk-orientated audit approach in the annual audit. dhpg offers you an expert, system-independent audit performed by certified consultants. Your benefit? Reliable, high-quality data with less time and effort being required for the audit. A benefit that that you can also leverage with other auditing services.

What you can expect from us

 

Why dhpg?

IT audit: Modern auditing taken at its word

For more than 70 years, we have been supporting owner-managed and family-run SMEs in auditing their annual financial statements in accordance with the standards established by the German Institute of Public Auditors (IDW) and since 2023 according to the International Auditing Standards (IAASB). One special expertise we offer is the area where information technology interfaces with auditing. Each audit team is supported by experienced IT consultants and data analysts. This not only creates an efficient audit framework, but also new insights for forward-looking corporate management.

Icon

Specialists in IT and auditing

Our trained IT auditors are at home in both IT and auditing. This allows us to carry out targeted IT audits and provide you with information that offers you and your IT significant additional benefits.

Icon

A good feeling thanks to transparency

No management team or executive can be at home in each and every field. Our IT auditors bring about transparency for management. They reveal where there is a need for action, thereby protecting you from unnecessary security and liability risks. 

Icon

Security: part of the DNA

As an auditing, legal and tax consultancy firm, IT security is part of our DNA. Our IT auditors not only look at proper financial reporting in the IT audit, but also include data protection and IT security in their analysis.

Your contact for questions surrounding IT audits, IT testing and consulting

Would you like more information or to get together for a personal meeting? We would be glad to arrange an appointment with you – no strings attached – so we can get to know each other. We look forward to your call or e-mail and to hearing from you.

To the contact persons

FAQ - Questions and information on the subject of IT audits

Is the IT audit a standard part of the annual financial statements audit?

The IT audit is an elemental part of the annual audit in accordance with the International Standards on Auditing (DE) 315 (Revised 2019), in short terms ISA (DE) 315, and also of the audit of a company's internal control system. The IT audit looks for possible errors and risks in the accounting. Beginning at a certain level of complexity of the IT system at the company being audited, it is an absolute must for an IT audit to be performed by the auditor as part of the audit in accordance with the principles for the proper auditing of financial statements. The following items are generally examined in the IT audit: 

  • IT system
  • Emergency strategies and data backup concepts
  • Structural and process organisation, including user authorisation concepts
  • IT infrastructure
  • IT applications 
  • IT support for business processes 
  • Interface and data analyses

If the company has decided to outsource data or services – and IT services are often functions that are outsourced – the service provider's control system must also be included in the IT audit. 

dhpg always offers its clients an IT system audit when the auditors encounter a complex IT infrastructure and business processes. In the present day and age, this is probably the case for almost every company. And every company would like to digitally map both business and archiving processes. Moreover, management and staff are faced with the challenge of no longer working exclusively in the office. All of this means that IT systems are becoming increasingly complex and therefore more prone to errors or failure. The IT audit helps to identify potential risks and develop a strategy together with the company to deal with these IT risks. Our IT auditors are specially trained IT audit specialists who, thanks to their experience from auditing and advising many companies as well as their process know-how, can quickly analyse interrelationships within data sets, IT infrastructure and business processes and make recommendations for further action.

Can the IT auditor recognise IT security gaps in an annual audit?

Definitely. The IT auditors at dhpg have generally completed business informatic studies and are also trained as CISA (Certified Information Systems Auditors). They use a comprehensive audit to examine the internal IT infrastructure along with its interfaces and authorisation systems, but – and this is even more important – also the control system of service providers which have been contracted to execute services outsourced by the client. 

dhpg also offers its clients the opportunity to test their own infrastructure by means of a vulnerability test – also known as a penetration test. In this function, the IT auditor assumes the role of an external attacker and searches for places where the company's IT structure is not adequately secured. The company then receives a risk profile and practical recommendations on how security gaps can be closed in the future.

Why should I involve an IT auditor in the selection and implementation of new software?

IT auditors examine a whole range of IT infrastructures as part of their work, audit these as an element of the annual audit in accordance with the standards established by the International Auditing Standards Boards (IAASB), but can also issue software certificates with an auditor's certificate. The major advantage of an IT auditor's certificate is that it assesses the software as such, i.e. the program and control functions, controls and authorisation systems. The IT auditor is furthermore able to check the interaction of each and every IT system with the accounting system. This is where we often find the sticking points: Even reputed auditors focus exclusively on the IT system and do not place it in the context of the financial reporting regulations to be observed.

Does the IT auditor also offer to certify IT systems?

Certifications are common practice in many sectors of the economy. They are regarded as quality and trust standards in tenders. Many of these system certifications can be carried out by auditors or IT auditors. 

An IT audit is an integral part of the annual audit

The IT audit and IT consulting comprise all services related to the use of IT systems as part of an annual audit in accordance with the International Standards on Auditing DE 315 U(Revised2019, in short terms ISA DE 315. The IT system audit is an integral part of the audit of the annual financial statements and applies a risk-oriented audit approach. The IT audit goes beyond the requirements of the annual audit, however. The IT audit system can help companies when launching new software, installing cloud computing, outsourcing services or complying with guidelines such as KRITIS and GoBD. Would you like to have your system certified or would you like to receive more information? Don't hesitate to get in touch with us.

Contact

Get in touch with us

Mail Contact form Telefon +49 228 81000 0
By uploading the YouTube video, you consent to cookies being set by YouTube and Google and to data being transferred to these providers. We process the data in order to be able to analyse access to our YouTube videos or to evaluate the effectiveness of our advertising and ads. YouTube and Google also process the data for their own purposes. In addition, you also agree that your data may be transferred to the USA, although there is a risk in the USA that the US authorities may gain access to your data for surveillance purposes and that you may not have adequate legal protection against such. You will find further information in our Data Protection Policy.
Load YouTube Video
Permalink