Roland Perruchoud
IT is the backbone of effective processes, accounting and reporting. Using IT in a targeted and economic way is an important success factor in achieving your business goals. At the same time, the associated risks need to be identified, optimized and controlled.
We support you in establishing, assessing and optimizing your IT, regardless of what systems or technologies you use. Our expertise focuses on:
Regulatory Audits
Regulatory audits have to be performed in accordance with legal and regulatory requirements (e.g. Art. 728 Swiss Code of Obligations or FINMA requirements). When assessing your internal control system (ICS) as part of a statutory audit of your financial statements (Swiss Auditing Standards 315 and 330), we examine the main IT general controls in accordance with Swiss Auditing Standard 890.
- Assessment of the key IT general controls (IT Check).
- Comprehensive assessment of the central IT processes (IT Check plus).
We support you in verifying whether you comply with all of the regulatory requirements. We offer assurance services in areas including:
- FINMA Circular 18/3 (previously: 08/7)
- FINMA Circular 08/21 CID (customer information data and cyber risks)
- Regulatory audits of banks (minimum audit requirements)
- Regulatory audits of insurers (ICSE)
Provider Audits / third-party audits
As an IT service provider, do you want to offer your customers certified assurance that you meet certain defined requirements? BDO supports you with independent audits and assurance reports on your processes and controls.
Here are some examples of provider audits we offer:
- ISAE 3402 IT general controls or application controls
- ISAE 3000 Testing and setup of control systems
- Service organization control (SOC) audits
- FINMA Circular 18/3 (previously: 08/7)
- FINMA Circular 08/21
- FMA providers (Financial Market Authority Liechtenstein)
- Primary information providers (PIP)
- Data collection point providers
Application Audits
The ongoing automation trend means that financial figures are calculated using increasingly complex IT systems. It also means that many companies encounter challenges when it comes to auditing their financial statements. The quality of financial reporting depends significantly on the quality of business processes, i.e. the underlying data flows and applications. Our application audits establish whether your IT applications are secure and you have an effective ICS in place for your key business processes. This translates into added value for the audit of your financial statements. We support you with the following types of application audit:
- IT cross-sectional audit
- IT user audit
- IT user environment audit
Security Audits
Are you protected from data misuse and cybercrime? BDO examines your IT inside out to pinpoint threats and vulnerabilities. Our standardized and individual audits put you fully in the picture as to your current IT security status, enabling you to identify and categorize risks and develop or improve protective countermeasures. BDO’s security audits include:
- Network auditing
- Security policy review
- Access security review, including validation of authorization concepts
- Business continuity management review
Data audits
Every day your IT systems record huge volumes of data. Analyzing this big data opens the door to new advantages and possibilities such as innovative product development and business opportunities.
- Journal entry testing (JET)
- Data analytics
- Analysis of any dataset or data migration using special audit software (e.g. IDEA, BDO Analytics)
ICS and process audits
We evaluate your IT through a comprehensive survey and assessment of your IT organization, processes and controls. We will present our findings to you in a report along with recommendations on how to improve and optimize your IT.
If you require an individual audit, we will be happy to develop and perform a program of procedures tailored to your specific needs and issues.