In the digital era, a comprehensive IT audit is essential to ensure the security, efficiency and compliance of your information technology systems. As your auditor, we offer specialized IT audit services designed to identify and mitigate potential risks in your IT infrastructure and system landscape. We support you in the risk and process-oriented analysis, design, optimization, implementation and ongoing monitoring of your information technology. Our aim is to ensure the functionality of your systems and the integrity of your data. 

We understand the specific challenges faced by SMEs, corporate groups and public sector organizations. Our IT audits and IT systems implementation advice are provided by experts who have in-depth knowledge of industry-specific IT requirements and legal provisions. We use state-of-the-art technologies and methods in order to evaluate the effectiveness of your IT controls, protect against cyber threats and support compliance with relevant standards and regulations.

We audit the compliance and security of your implemented systems and the associated business processes. In doing so, we always strive for the most efficient approach and utilize audit reports from other auditors, software test certificates, etc.  

Rely on our expertise to strengthen your IT systems and processes and increase your resilience.
 

Our IT Audit & Advisory Services

  • Audit of general computer controls (IT system audit) or support on IT-specific issues as part of or outside the annual audit (in accordance with ISA [DE] 315 / IDW PS 860) 
  • Consideration and audit of specific regulatory requirements, e.g., SOX, §8a BSIG (Kritis), BAIT, VAIT, KAIT, ZAIT (supervisory requirements for IT)
  • Conducting data analyses, such as journal entry testing 
  • Support in the development of process and procedural documentation (GoBD – German principles for the proper keeping and storage of books, records and documents in electronic form and for data access) 
  • IT audit
  • Audit of IT-supported business processes
  • ERP RiskCheck (brief analysis of selected risk areas (e.g., authorizations) for standard software systems, in particular SAP, NAV, Dynamics, AX, Business Central, Diamant, etc.) 
  • Assurance support in accordance with IDW PS 850 or downstream audit pursuant to IDW PS 850 of projects, e.g., system changes or new implementations with a focus on ERP, archiving and document management systems 
  • Audit of IT service providers (in accordance with IDW PS 951, ISAE 3402/SSAE 16, etc.) 
  • Audit of software systems (issuance of software certificates in accordance with IDW PS 880) 
  • Audit of tamper-proof archiving procedures in accordance with IDW RS FAIT 3 
  • Audit and advice on electronic billing processes and electronic invoicing issues (together with the VAT and/or Consulting divisions) 
  • Audit and advice on SAP authorizations, SAP GRC and Identity & Access Management
  • Support with special issues in connection with
    • IT-related internal control systems, automation of controls and control efficiency 
    • IT risk management and IT compliance 
    • IT organization and IT strategy 
    • IT service contracts and IT outsourcing, including the topic of “relocating IT accounting abroad” 
    • IT disaster recovery plans/business continuity management (BCM) 
    • questions relating to digital tax audits (in particular data access by the tax authorities in accordance with GDPdU (German Guidelines for data access and the verifiability of digital documents)) 
    • on cyber security & cyber risk management
       
Martin Uebelmann

Martin Uebelmann

Partner

Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA)

What can we do for you?

Talk to us - without any obligation

Get in touch