IT Audit / IT Assurance

Regulatory audits have to be performed in accordance with legal and regulatory requirements (e.g. Art. 728 Swiss Code of Obligations or FINMA requirements). When assessing your internal control system (ICS) as part of a statutory audit of your financial statements (Swiss Auditing Standard 315 and 330) we examine the main IT general controls in accordance with Swiss Auditing Standard 890.

• Assessment of the key IT general controls (IT Check).
• Comprehensive assessment of the central IT processes (IT Check ^plus).
   

We support you in verifying whether you comply with all of the regulatory requirements. We offer assurance services in areas including:

• FINMA Circular 18/3 (previously: 08/7)
• FINMA Circular 08/21 CID (customer information data and cyber risks)
• Regulatory audits of banks (minimum audit requirements)
• Regulatory audits of insurers (ICSE)

As an IT service provider, do you want to offer your customers certified assurance that you meet certain defined requirements? BDO supports you with independent audits and assurance reports on your processes and controls.
 

Here are some examples of provider audits we offer:

• ISAE3402 IT general controls or application controls
• ISAE3000 Testing and setup of control systems
• Service organization control (SOC) audits
• FINMA Circular 18/3 (previously: 08/7)
• FINMA Circular 08/21
• FMA providers (Financial Market Authority Liechtenstein)
• Primary information providers (PIP)
• Data collection point providers

The ongoing automation trend means that financial figures are calculated using increasingly complex IT systems. It also means that many companies encounter challenges when it comes to auditing their financial statements. The quality of financial reporting depends significantly on the quality of business processes, i.e. the underlying data flows and applications. Our application audits establish whether your IT applications are secure and you have an effective ICS in place for your key business processes. This translates into added value for the audit of your financial statements. We support you with the following types of application audit:

• IT cross-sectional audit
• IT user audit
• IT user environment audit

Are you protected from data misuse and cybercrime? BDO examines your IT inside out to pinpoint threats and vulnerabilities. Our standardized and individual audits put you fully in the picture as to your current IT security status, enabling you to identify and categorize risks and develop or improve protective countermeasures. BDO’s security audits include:

• Network auditing
• Security policy review
• Access security review, including validation of authorization concepts
• Business continuity management review

Every day your IT systems record huge volumes of data. Analyzing this big data opens the door to new advantages and possibilities such as innovative product development and business opportunities. 

• Journal entry testing (JET)
• Data analytics
• Analysis of any dataset or data migration using special audit software (e.g. IDEA, BDO Analytics)

We evaluate your IT through comprehensive survey and assessment of your IT organization, processes and controls. We will present our findings to you in a report along with recommendations on how to improve and optimize your IT.