Digitisation – hardly any other catchword encapsulates so many different aspects, partly because the term covers so many different areas and requirements. Terms such as Predictive Analytics (forward-looking data analysis), Big Data and the Internet of Things describe different facets of digitisation. Companies that successfully meet the challenges of digitisation create a genuine competitive advantage and a sustainable, forward-looking approach. Our specialists offer you a comprehensive and coordinated service package with which you build trust in digitalised processes and lay the foundation for efficient and secure digitisation initiatives.
How we help you when it comes to digitisation and compliance:
ISAE 3402 / IDW PS 951
As part of their outsourcing and digitalisation strategy, companies are increasingly outsourcing business processes and operational functions in order to streamline organisational structures, save costs, and strengthen their international competitiveness. Typical examples include the outsourcing of IT operations and ERP application support as well as various areas of billing processes and cloud services.
Using our many years of experience in the creation of client-specific compliance certification and IT audits in the international regulatory environment, we offer audits in line with ISAE 3402 and IDW PS 951 standards and assess the integrity and effectiveness of internal control systems.
Internal Control System (ICS)
An effective Internal Control System (ICS) is the cornerstone of process risk control, and various commercial law and tax law requirements have to be met. At the same time, the implementation of an electronic ICS by way of customising and assignment of authorisations in ERP systems is a complex task, as it requires business, legal and technical knowledge.
We offer you a neutral verification and reflection of the mature processes and structures, provide you with independent support and apply professional quality assurance standards, from the initial start-up of the electronic ICS, to the analysis and to concrete recommendations for implementation.
IT Security Management
The reliability of complex IT systems and the numerous IT legal and contractual requirements for IT security cannot be met with isolated measures. With experienced consultants and certified auditors we support you in customising, constructing and maintaining your information security management system (ISMS).
A precise knowledge of the IT risks is important in order to be able to take appropriate countermeasures. We conduct risk analyses on information security and audit IT security concepts and IT control systems.
Cyber Risk Management
Due to the systematic networking of processes, including beyond company boundaries, the risks of cyberspace can produce a chain of effects with, in some cases, considerable potential for liability and damages.
We analyse and assess your IT security architecture, IT technology and IT strategy independently and on the basis of objective criteria and reveal opportunities for improvement. Alongside personal provision, this is a key step towards transferring risk through cyber insurance policies.
A quick check is available for this service.
We help our clients to bring the following quality assurance to market:
- Test certification for standard software products in line with IDW PS 880: Decision criteria for the selection of accounting-related software by potential end-users
- Testing of document management systems and audit-proof archiving solutions according to GoBD, IDW FAIT 1 and 3 as well as IDW PS 880
- ISAE 3402, IDW PS 951, SOC Reporting: Quality criteria for service providers (process outsourcing, IT hosting and cloud services) that certify the functionality and effectiveness of the internal control system
- ISAE 3000: In addition to commercial and tax law requirements, other national and international requirements can also be addressed.
IT-related projects with profound effects on systems, processes and organisations are complex and expensive. Risk management in the project is a useful tool to improve the probability of economic success for the project. It makes project risks transparent and creates a common awareness of potential risks among all project participants. The early identification of errors prevents unnecessary consequential costs.
The Federal Ministry of Finance has now set out its requirements for the IT-driven business processes relevant to tax in the “Principles for properly maintaining and storing books, records and documents in electronic form and for data access” (GoBD). The rules must be applied by the book. In order to be on the safe side in subsequent company audits, we carry out GoBD compliance checks. With our qualified analysis and audit of archiving processes to ensure that they meet legal and regulatory requirements and are secure, we also assist companies in the design and implementation of archiving solutions which are fit for the future.
Data Protection Management
Data protection requirements placed on companies of all sizes are not restricted to the Federal Data Protection Act and the EU General Data Protection Regulation, which will apply from 2018. Non-compliance can result in fines running into millions. A Data Protection Management System (DPMS) acknowledges and meets these requirements, proves proper diligence and minimises liability risks. With our many years of project experience and certified expertise in data protection we will construct your DPMS and, if requested, provide the Group Data Protection Officer or assist him in his duties.
To implement your digitalisation strategy, we offer coaching in digital transformation projects as well as system and process audits to certify audit compliance with German tax legislation and commercial law requirements.
We can support you in the following areas:
- Implementation of paperless processes
- Introduction of workflow systems and digital file management
- ECM strategy and implementation planning
- Cloud archiving
- Preparation of ICS procedure documentation
- GoBD health checks
- Archiving concepts for system shutdowns and system changes
- Advice on digital topics and technologies
- IT Compliance Management Systems (CMS)
IT Audit in Year-End Process
Information used in financial statements for commercial and tax law purposes can nowadays only be generated using IT-supported accounting systems. In order to confirm the completeness and accuracy of the production process and the figures, our experienced IT auditors efficiently examine the ERP systems and data sources used in your financial statements and present the results in a meaningful manner.
The requirements placed on Internal Audit have increased: it has evolved from a supervisory body into a support and advisory service. As a result, more and more companies are deciding to introduce this function. However, they do not always have sufficient internal resources and IT expertise.
We provide support as “external” experts in all matters relating to the organisation and provision of internal audit services.
Data analyses are the universal tool to obtain the knowledge required for decision-making from contourless mass data. Although they are traditionally associated with audit issues, they can apply just as well to business matters such as payment and buying behaviour as well as many other usage scenarios. Our Data Extraction & Data Analysis Competence Centre helps our auditors and clients to draw the right conclusions from the production factor “data”.