IT Assurance

IT Assurance

Businesses face increasing complex regulatory requirements and a continuously evolving technological landscape. To thrive they must reply upon the controlled operation of information technology to be compliant, function securely and minimise IT related risks.

Managing IT risk and compliance has become pivotal, as IT failures can lead to reputational damage, market valuation loss, increase in privacy issues and legal exposure. It is essential for businesses to implement and manage a robust IT controls framework to manage these risks appropriately.

Vittoba can help by:
  • Working with audit professionals to provide assurance in the technology environment used for financial reporting and related internal controls over financial reporting;
  • Improving confidence on technology dependent internal controls as a result of business growth;
  • Assessing and minimising technology risks within the existing technology framework and on new business initiatives such as implementing new technologies or the launch of products or services; and
  • Providing insights on key technology challenges and future trends through our thought leadership and publications.

 

Our integrated risk-based approach and extensive sector experience means we can provide insight on technology risks for boards, audit committees, and key senior management executives.

IT External Audit

We audit clients’ technology environments (network, applications, and underlying infrastructure) to support the financial statement audits and reporting on internal control over financial reporting. The services provide assurance over:

  • IT General Controls;
  • Application Controls; and
  • New System Implementation and Data Migration.
IT Internal Audit (IA) Resourcing :

We work with our clients to achieve their IA objectives through co-sourcing, outsourcing or bespoke models, in line with their business needs.

Diagnostic assessments :

Our diagnostic assessments help clients understand the control gaps in their IT environment and improve the overall technology risk framework. We cover a range of specific risk areas such as cyber security, data privacy, IT strategy and capability, business continuity and disaster recovery, data quality, information governance and data protection/GDPR, against leading industry practices.

Control optimisation :

We help clients evaluate and streamline their existing control frameworks in the organization.

Independent project assurance :

We can act as an independent adviser to management and project boards for effective implementation of new systems and projects, by identifying and mitigating project risks before they arise.

Service organizations controls reporting / IT Attestation :

We provide independent assurance on the controls implemented by service organizations providing services to user organizations. Service organizations demonstrate their internal control environment for gaining business confidence from their existing or prospective customers. We assist our clients in gaining assurance in line with applicable standards (US, UK, or International) such as AAF 01/06 ICAEW, AICPA SSAE18 (supersedes SSAE16) or ISAE 3402 (referred as SOC1), or AICPA AT101 (SOC2 or SOC3), or ISAE 3000. Our services cover design (Type 1 report) and operating effectiveness (Type 2 report) of controls at service organizations.

IT Due Diligence :

In the event of mergers and acquisitions, we provide deep drill downs or specific insights on the technology environment to boards and investors for making informed decisions, as part of buy-side or sell-side requirements.

Application Reviews :

We assist clients in reviewing their business applications to assess the control environment within systems to address specific business or process risks. The review includes access reviews, configurations and setups, master data set up, transactions, and interfaces. Our recommendations are used for enhancing functionality, security, and control environment within applications.

IT Policy and Procedures :

We assess your IT policies and procedures to determine any gaps in applicability to current and/or emerging IT environments/business models such as: outsourcing, cloud services, shared services, mobile, offshoring, BYOD etc.

Assessment of IT controls for SOX :

We assess IT controls risk and dealing with complex technology topics in support of financial statement audits. Our teams are also familiar with the requirements of reporting under Section 404 of the Sarbanes Oxley Act (SOX) for SEC registrants.

For details refer to our services offered for SOX Compliance