IT Consulting and Auditing
Our team has many years of experience in IT services and is appropriately qualified. In this context, too, we also place particular emphasis on an interdisciplinary approach that takes into account the general legal and economic conditions. For example, our IT specialists have extensive business knowledge and are familiar with all accounting, tax and financial reporting issues. To tackle special technical questions and tasks we use our excellent contacts with recognized experts.
As in all service areas, your IT project will be supported by a partner and a senior manager who will be available to you as personal contacts during the entire lifecycle of the project. For international tasks we use our connections in the BDO International network, undertaking the coordination and communication for our clients.
Our Range of Services Comprises the Following:
- Appropriateness of the accounting system pursuant to the German IDW Auditing Standard (IDW AuS) 330
- Appropriateness of software systems pursuant to IDW Aus 880 (s0ftware certificate)
- Analysis of weaknesses in IT systems
In the Auditing field we have summarised the experience gained from numerous audits of IT environments in the context of annual financial statement audits at medium-sized companies in a checklist system that is continually refined and made use of at internal training events. For complex systems we offer our clients or colleagues the security of a professionally sound audit pursuant to IDW AuS 330 by our IT specialists. The resulting audit report presents the individual findings and risks in a manner that is also understandable for technical laymen.
A software certificate or software attestation provides manufacturers with a seal of quality for their products. An external quality assurance performed by independent auditors ensures compliance with legal provisions (HGB, IFRS, AO. GoB, GoBS) and compliance with local tax law and commercial law provisions, in addition to confirming the safety, appropriateness and functionality of products.
In a weak-point analysis, we uncover not only security gaps and other weaknesses but also support our clients with detailed action plans that pinpoint an optimal course of improvement in structured and prioritized steps. During the implementation phase we can assist you with our specialist knowledge.
Consulting services regarding:
- The introduction of software systems (project support audit of IT-supported systems pursuant to HFA 4/1997)
- The introduction of internal control systems in the IT environment (IDW AuS 260)
- Fulfilling requirements pursuant to the German Principles of Data Access and Auditing of Digital Documents ("GDPdU")
- The introduction of security standards pursuant to the Federal Office for Information Security (BSI), COBIT or other recognized standards
- Selecting system components (hardware and software) or tools for special tasks
Our consulting services in connection with the introduction of software systems are based on the technical pronouncements of the German Institute of Certified Public Auditors in Germany (IDW Pronouncements). This means that the requirements placed on the appropriateness of the system are already considered during the development and implementation stages. This minimizes the need for cost-intensive subsequent improvements.
Current requirements placed on the appropriateness of IT systems call for a systematic approach that enables secure and reliable information processing on the basis of respective controls. Our extensive know-how concerning such internal control systems allows us to prepare a tailored system for clients: given the appropriate scope, superordinated controlling tools may also be used in this respect.
Within the scope of GDPdU (principles of data access and auditing of digital documents) compliance, you can benefit from our interdisciplinary approach. Based on the experience with a large number of "digital tax audits" that we have already dealt with, we know the requirements placed on such data very well. In addition to the determination of relevant tax data by our client service staff, our IT specialists are at your disposal to advise on the necessary technical measures.
The introduction of a standardized approach such as BSI, COBIT or similar is a suitable means to meet the increased security and reliability requirements placed on IT systems. In this field we not only provide assistance in selection and implementation but also prepare a final audit and support our clients in attaining subsequent proof of successful implementation in the form of certification.
Our experience is also available to you when selecting individual systems, applications, or tools for general or special tasks. We also provide advisory services to interested clients when it comes to concepts for outsourcing applications or data kept externally in the selection of suitable partners.
- The introduction of SOX 404 in the IT field (IT general controls)
- Selecting and introducing systems (project management or supportive consulting)
We view the support in the following tasks as assistance to clients who implement systems under their own responsibility:
The introduction of SOX 404 in IT in order to meet the requirements of IT general controls calls for both our core competency as auditors as well as knowledge of control systems and our IT know-how. Our pragmatic approach in this field combines structured risk management analysis with addressing the special features of the audit subject on a case-by-case basis. In so doing, we place great emphasis on the necessary knowledge transfer that enables clients to meet subsequent requirements largely on their own. As SOX projects regularly concern tasks that are distributed internationally, we offer the global involvement of proven specialists within the framework of the Crowe Horwath network.
The selection process associated with the introduction of new IT systems is frequently not conducted intensively enough. In such cases, functional deficiencies identified at a later stage can only be corrected by expensive follow-up work or even additional applications. A professionally sound selection procedure, which we can support independently of manufacturers and systems, as well as subsequent project support during the customizing and implementation process is a means to avoid such unplanned additional expenses. In this, our work is not limited to the technical details; rather we see the inclusion, assessment, and if necessary, reorganization of internal processes as a significant factor for successful software introduction.
If you are interested in our services, please contact your consultant in our company or contact our associated partners in the IT segment directly.