Technology and Systems Assurance
Are technology controls managing your financial reporting and business risks?
With technology increasing in sophistication and complexity, it is essential that the Board and Senior Management have access to leading edge Technology Risk Assurance skills that will bring value and insight to your business.
As outlined below, we have a large team of Technology Assurance specialists, supported by latest methods and leading edge tools:
- IT Infrastructure Assurance: Our IT audit specialists are trained to operate alongside our financial auditors to add value to BDO Audit Methodology. This includes a review over the IT General Controls (ITGCs), automated application & business processing controls, batch processing risks and BDO’s data analytics solutions (using tools such Qlik, IDEA and SQL scripting).
- Cyber Security: Our security experts work alongside businesses to provide threat intelligence to senior management or conduct Security healthchecks, vulnerability scanning and penetration testing, network security reviews, PCIDSS accreditation reviews, security breach response plan, cyber security strategy advice, the security policies to prevent an attack, protect strategies, the monitoring tools to deploy, and good practice response plans.
- Access Management: Our methods include evaluation of authentication and identity management controls, deployment of tools to assess segregation of duties across systems or databases and review of privilege users.
- Technology Forensics: Our technology forensic specialists can draw on a wealth of experience and war stories to aid your fraud management strategy, deploy the latest fraud discovery tools & techniques, conduct email scanning and help reduce socially engineered attacks.
- Data Management: Our data experts provide skills in data analytics, data mining, database security, data privacy and data quality. They bring a wealth of experience and knowledge across most data environments, including Oracle, DB2 and SQL.
- Application Level Risks: Our specialists in SAP, Oracle, Navision, SAGE and other systems can tailor specific reviews to cover user commissioning, evaluation of roles & permissions, automated controls or system embedded workflows, change management, interface management. We can deploy security tools and data analytics to aid the quality of the outputs.
- IT Resilience: Our specialists can assess the quality of your business impact assessments, disaster recovery plans, backup arrangements, testing and recovery approach.
- Project and Change Management: With digital transformation comes challenge. Drawing on the experiences of working with many organisations going through change or IT projects in crisis, we can provide an assess the digital strategy, the quality of the functional or technical specifications, stakeholder engagement, project governance, project planning, financial management, controls design, data migration, testing plans, training approach, cut-over to BAU and management of 3rd parties. We tailor our healthcheck to focus on the key challenges or risks facing the transformation programme.
- IT Service Management: IT services continue to be outsourced/off-shored, located in the cloud or brought back in-house. We can provide the Board with assurance over any transition plans or the gaps in the current IT service delivery model (using an ITIL benchmarking assessment tool).