Paper documents are a thing of the past. It is therefore inevitable that an annual audit, a tax audit or an internal audit will also involve significant elements of IT-supported business processes, IT applications and the IT infrastructure. The IT system audit or IT audit is an integral part of a risk-orientated audit approach in the annual audit. dhpg offers you an expert, system-independent audit performed by certified consultants. Your benefit? Reliable, high-quality data with less time and effort being required for the audit. A benefit that that you can also leverage with other auditing services.
For more than 70 years, we have been supporting owner-managed and family-run SMEs in auditing their annual financial statements in accordance with the standards established by the German Institute of Public Auditors (IDW) and since 2023 according to the International Auditing Standards (IAASB). One special expertise we offer is the area where information technology interfaces with auditing. Each audit team is supported by experienced IT consultants and data analysts. This not only creates an efficient audit framework, but also new insights for forward-looking corporate management.
Our trained IT auditors are at home in both IT and auditing. This allows us to carry out targeted IT audits and provide you with information that offers you and your IT significant additional benefits.
No management team or executive can be at home in each and every field. Our IT auditors bring about transparency for management. They reveal where there is a need for action, thereby protecting you from unnecessary security and liability risks.
As an auditing, legal and tax consultancy firm, IT security is part of our DNA. Our IT auditors not only look at proper financial reporting in the IT audit, but also include data protection and IT security in their analysis.
Would you like more information or to get together for a personal meeting? We would be glad to arrange an appointment with you – no strings attached – so we can get to know each other. We look forward to your call or e-mail and to hearing from you.
The IT audit is an elemental part of the annual audit in accordance with the International Standards on Auditing (DE) 315 (Revised 2019), in short terms ISA (DE) 315, and also of the audit of a company's internal control system. The IT audit looks for possible errors and risks in the accounting. Beginning at a certain level of complexity of the IT system at the company being audited, it is an absolute must for an IT audit to be performed by the auditor as part of the audit in accordance with the principles for the proper auditing of financial statements. The following items are generally examined in the IT audit:
If the company has decided to outsource data or services – and IT services are often functions that are outsourced – the service provider's control system must also be included in the IT audit.
dhpg always offers its clients an IT system audit when the auditors encounter a complex IT infrastructure and business processes. In the present day and age, this is probably the case for almost every company. And every company would like to digitally map both business and archiving processes. Moreover, management and staff are faced with the challenge of no longer working exclusively in the office. All of this means that IT systems are becoming increasingly complex and therefore more prone to errors or failure. The IT audit helps to identify potential risks and develop a strategy together with the company to deal with these IT risks. Our IT auditors are specially trained IT audit specialists who, thanks to their experience from auditing and advising many companies as well as their process know-how, can quickly analyse interrelationships within data sets, IT infrastructure and business processes and make recommendations for further action.
Definitely. The IT auditors at dhpg have generally completed business informatic studies and are also trained as CISA (Certified Information Systems Auditors). They use a comprehensive audit to examine the internal IT infrastructure along with its interfaces and authorisation systems, but – and this is even more important – also the control system of service providers which have been contracted to execute services outsourced by the client.
dhpg also offers its clients the opportunity to test their own infrastructure by means of a vulnerability test – also known as a penetration test. In this function, the IT auditor assumes the role of an external attacker and searches for places where the company's IT structure is not adequately secured. The company then receives a risk profile and practical recommendations on how security gaps can be closed in the future.
IT auditors examine a whole range of IT infrastructures as part of their work, audit these as an element of the annual audit in accordance with the standards established by the International Auditing Standards Boards (IAASB), but can also issue software certificates with an auditor's certificate. The major advantage of an IT auditor's certificate is that it assesses the software as such, i.e. the program and control functions, controls and authorisation systems. The IT auditor is furthermore able to check the interaction of each and every IT system with the accounting system. This is where we often find the sticking points: Even reputed auditors focus exclusively on the IT system and do not place it in the context of the financial reporting regulations to be observed.
Certifications are common practice in many sectors of the economy. They are regarded as quality and trust standards in tenders. Many of these system certifications can be carried out by auditors or IT auditors.
The IT audit and IT consulting comprise all services related to the use of IT systems as part of an annual audit in accordance with the International Standards on Auditing DE 315 U(Revised2019, in short terms ISA DE 315. The IT system audit is an integral part of the audit of the annual financial statements and applies a risk-oriented audit approach. The IT audit goes beyond the requirements of the annual audit, however. The IT audit system can help companies when launching new software, installing cloud computing, outsourcing services or complying with guidelines such as KRITIS and GoBD. Would you like to have your system certified or would you like to receive more information? Don't hesitate to get in touch with us.