Digitisation and compliance

As part of their outsourcing and digitisation strategy companies are increasingly outsourcing business processes and operational functions in order to streamline organisational structures, save costs, and strengthen their international competitiveness. Typical examples include the outsourcing of IT operations and ERP application support as well as various areas of billing processes and cloud services.

Using our many years of experience in the client-specific preparation of compliance certification and IT audits in the international regulatory environment, we offer audits in line with ISAE 3402 and IDW PS 951 standards and assess the integrity and effectiveness of internal control systems.

more

An effective internal control system (ICS) is the cornerstone for process risk control and requires the observance of various commercial law and tax law requirements. At the same time, the implementation of an electronic ICS by way of customising and assigning authorisations in ERP systems is a complex task as it requires business, legal and technical knowledge.

We offer you a neutral verification and reflection of the established processes and structures and support you independently and in accordance with professional quality assurance standards - from the initial start-up of the electronic ICS to the analysis and concrete recommendations for implementation.

more

The reliability of complex IT systems and the numerous legal and contractual requirements for IT security cannot be met with isolated measures. With experienced consultants and certified auditors we support you in customising, establishing and maintaining your information security management system (ISMS).
 
Precise knowledge of the IT risks is important in order to be able to take appropriate countermeasures. We conduct risk analyses on information security and audit IT security concepts and IT control systems.

Due to the systematic networking of processes, also beyond company boundaries, the risks of cyberspace can produce a chain of effects with in some cases considerable potential for liability and damages.

We analyse and assess your IT security architecture, IT technology and IT strategy independently and on the basis of objective criteria and point out opportunities for improvement. Alongside personal provision, this is a key step towards risk transfer through cyber insurance and increases data security in IT processes.

We help our clients to provide the following verification of quality on the market:

• Test certification for standard software products in line with IDW PS 880: Decision criteria for the selection of accounting-related software by potential end-users
• Review of document management systems and audit-proof archiving solutions according to GoBD, IDW FAIT 1 and 3 as well as IDW PS 880
• ISAE 3402, IDW PS 951, SOC Reporting: Quality criteria for service providers (process outsourcing, IT hosting and cloud services) that certify the functionality and effectiveness of the internal control system
• ISAE 3000: In addition to commercial and tax law requirements, other national and international requirements can also be met.
  
  

more

IT-related projects with profound effects on systems, processes and organisations are complex and expensive. Risk management in the project is a useful tool to increase the economic success of the project and secure the company’s own objectives. With our extensive understanding of IT and processes, we can identify typical risks of a project at an early stage - and counteract them in good time so that unnecessary follow-up costs are avoided.

In addition, an orderly and revision-proof implementation of the new system environment and the necessary migration and process modelling can already be guaranteed in the current project and confirmed in writing after completion.

The German Federal Ministry of Finance has now set out its requirements for tax-relevant computer-assisted business processes in the “Principles for properly maintaining and storing books, records and documents in electronic form and for data access” (GoBD). The rules must be implemented according to regulations. In order to be on the safe side in subsequent company audits, we carry out GoBD compliance checks. With our qualified analysis and examination of legally compliant, orderly and secure structure of archiving processes, we also support companies in the planning and introduction of future-oriented and audit-proof archiving solutions.

Data protection requirements placed on companies of all sizes are not restricted to the Federal Data Protection Act and the EU General Data Protection Regulation, which applies as from 2018. Non-compliance can result in fines running into millions. A Data Protection Management System (DPMS) acknowledges and meets these requirements, proves due diligence and minimises liability risks. With our many years of project experience and certified expertise in data protection we will establish your DPMS and, if requested, provide a Group Data Protection Officer or assist him in his duties.

To implement your digitisation strategy, we offer coaching in digital transformation projects as well as system and process audits to certify audit compliance with German tax legislation and commercial law requirements.

We will support you in the following areas:

• Implementation of paperless processes
• Introduction of workflow systems and digital file management
• ECM strategy and implementation planning
• Cloud archiving
• Preparation of ICS procedure documentation
• GoBD health checks
• Archiving concepts for system shutdowns and system changes
• Advice on digital topics and technologies
• IT Compliance Management Systems (CMS)

Nowadays, the generation of financial statement information relevant under commercial and tax law can only be realised using computer-assisted accounting systems. In order to confirm the completeness and accuracy of the data origin and the figures, our experienced IT auditors efficiently examine the ERP systems and data sources used in your financial statements and compile the results in a conclusive manner. As part of our IT audits, we ensure that your IT systems work efficiently and generate reliable data.

The requirements imposed on internal auditing have increased. It has evolved from a supervisory body into a support and advisory service. As a result, more and more companies are deciding to introduce this function. However, they do not always have sufficient internal resources and the IT expertise.

We provide support as “external” experts in all matters relating to the organisation and provision of internal audit services.

Data analysis is the universal tool for extracting decision-relevant knowledge from unstructured mass data. Although it is traditionally associated with audit issues, it can apply just as well to business matters such as payment and buying behaviour as well as many other application scenarios. Our data extraction & data analysis competence centre helps our auditors and clients to draw the right conclusions from the production factor “data”.