Business performance relies upon the controlled operation of information technology, spanning from a legacy mainframe through to "bleeding edge" bespoke web applications.

At the same time an organisation is constantly challenged with an increasing number of information technology risks including security threats, regulatory and legislative compliance and unexpected disruption to system availability.

Management look to Internal Audit to provide assurance that appropriate controls are designed and operating effectively to manage these technology risks both today and in the future. The IT internal auditors are best placed to meet this challenge.

This challenge isn’t made any easier for Internal Audit with an increasing imbalance in the demand for, and supply of, high quality IT Internal Auditors.

Before your Internal Audit function invests significant time and effort in meeting this challenge, you might like to consider how we help our clients deal with such matters through our common sense approach.

Our IT audit services help our clients answer the following questions:

  • What are my significant IT risks and what is being done in the organisation to address these?
  • How good is my security and does it fit together in an efficient and cohesive manner?
  • Do my IT governance efforts support wider regulatory and compliance efforts?
  • Can I trust the integrity of information being used to make business decisions?
  • Will my systems and information be available when I need them?
  • Are applications being developed, implemented and maintained in a well-controlled manner?
  • Are third party outsourcing partners meeting service level and control commitments?

How can we help?

It is probable that you are in one of the following two circumstances:

Option 1 Defined IT audit needs

You have defined your IT audit needs but do not have sufficient resources or skills in-house to execute your IT audit plan.

If you find yourself in this situation we can provide cost-effective access to a pool of highly skilled resources on a project-by-project basis or full time. Our expertise covers topics ranging from COSO and COBIT through to ethical hacking of legacy, ERP and bespoke applications.

Option 2 – Uncertain IT audit needs

Your organisation is dependent on the provision of effective and efficient information technology and is looking to you to provide some form of assurance.

In these circumstances we can work with you through the following step-by-step process:

  • Understand the business needs from information technology both today and tomorrow Identify the supporting infrastructure and applications from discussions with your IT department
  • Analyse the skills and experience of your current IT audit team
  • Identify the gaps in the current IT audit team compared to likely requirements
  • Develop a transition plan to achieve the desired future state

The strength of Deloitte

We have a team of over 300 technology assurance professionals within the UK and over 3,500 globally. We pride ourselves on our business acumen and have specific experience of IT audit work across a wide range of industries and jurisdictions.

We have deep technical knowledge across a wide range of application systems and supporting infrastructure. We understand operational risk, IT governance and its linkage to good corporate governance, as well as legislative and regulatory requirements such as Turnbull, Sarbanes-Oxley, Basel II and FSA requirements.

Whether you want us to assess the effectiveness of your information security governance or to help prevent hackers penetrating your systems, we can use our deep knowledge of technology to deliver jargon-free assessments of the management of IT risks to Heads of Internal Audit and the Audit Committee.

In addition with our unique market position of having retained our consulting business, we have significant experience of implementing technology solutions rather than simply delivering assurance or assessment reports, giving you access to technical experts who can understand the design and implementation of technical controls.

Don’t just take our word for it …

Clearly we do speak proudly about the strength of our practice but don’t just take our word for it. We work with many leading FTSE-100 organisations helping them bolster their in-house expertise. If required we can put you in touch with some of our clients for a first hand view on how we have helped them in providing assurance over the management of IT risks.

Want to know more?

If you are looking for:

  • a business partner who can truly work with your organisation to make a step change improvement in your IT audit capabilities whilst retaining a "feet on the ground" approach;
  • a third party that delivers clear, understandable and pragmatic assessments;
  • a "big 4" firm that has retained its consultancy practice and so has experience in designing and implementing controls.

...you should talk to our IT internal audit team.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.