Information Technology Audit

For all the opportunities technology brings to companies, it can bring just as many risks – especially for companies that are growing rapidly. Technology risk forms a critical component of an organisation’s risk profile but can often be overlooked or given insufficient attention. This is sometimes due to a lack of understanding of technology risk, or that technology risk remains outside of the more traditional risk themes often recorded in organisation risk registers. With the proliferation of complex technologies in many organisations, proactive management of technology risk should be considered a priority.

The world is changing, and technology will reshape our lives over the coming years, whether digitalisation, advanced data analytics, cloud or robotics change will touch many aspects of life and business. The benefits of transformation are becoming increasingly evident. We believe Boards and Senior Management will need to respond to this change in a multitude of ways, with one vector being the quality of the Technology Risk and Assurance insight and ‎capabilities available to them. At BDO, we continue to innovate and invest, so that our clients have access to the latest advice and assurance over the key risks areas.

BDO has significant experience of guiding organisations on managing risks - from the review of infrastructure, applications, and systems, to providing guidance on how to set up an effective process for IT governance which can be quickly embedded in an existing organisation risk management framework. BDO’s dedicated professionals provide our clients with a range of Technology advisory and audit services to contain risk, minimise downtimes, comply with complex government regulations and help the company run more efficiently. We value our client relationships and take pride in helping them tackle their biggest challenges – whether they’re expected or unexpected.

BDO provides the following range of Technology services:

• IT Strategy, Governance & Risk Management: Typically due to weak IT strategy, governance and risk management, there are several areas where weakness in the IT and Data environments can create systemic issues for a business. Our experienced professionals work with CIOs and IT executives through the IT lifecycle to define strategy, manage system architecture, and measure results to maximise value and enable enhanced business performance. ​We also assist the clients to modernise and transform their IT operations by defining responsibilities and support decision making and eliminate the chances of failure by introducing best practice frameworks for IT governance such as COBIT. We ensure the best alignment between business objectives and IT, which could be achieved through: understanding the organisational culture and environment, identifying work processes, focusing on the automation opportunities, risks, obstacles and simplicity.

• Application Controls and Assurance: Application controls are those controls that pertain to the scope of individual processes or application systems in use. Application systems range from very small to Enterprise Resource Planning (ERP) systems. Our IT Auditors assess application controls which include: Inherent controls, Configurable controls, Security controls (Such as user access, segregation of duties controls), Reporting controls, Workflow controls and automated computations and Validation checks.

• Segregation of Duties: In cases of complex, multi-system environments, ERP systems and maintenance of access rights and user roles can be a big challenge. This increases the likelihood and occurrence of inappropriate authorisation settings, thereby posing risks of unauthorised access and fraud. We help you design and implement access roles that minimise the associated risks while making continuous administration and maintenance effective and reliable.

• IT Service Management: IT services continue to be outsourced/off-shored, located in the cloud or brought back in-house. IT organisations must continuously optimise their operations and respond quickly to their needs. The close interplay of IT management tasks supports the highly available, secure, high-performance and high-quality operations of the IT services and their continuous improvement - the professional provision and management of IT services. We can provide the Board with assurance over any transition plans or the gaps in the current IT service delivery model using ITIL or ISO/IEC 20000.

• IT Infrastructure Management: BDO’s IT Audit team conducts an in-depth risk assessment and audit of an organisation’s IT environment to determine where risks are. We help clients create systems and processes to keep organisations safe; from testing data back-up procedures to creating rigorous methods that will safeguard information when employees leave the company. This also includes a review over the IT General Controls (ITGCs), IT Asset management, access controls (physical and logical), and Service level management and Datacenter environmental controls.

Our audits are based on industry standards, frameworks, and good practices such as ISO 27001 standard, ISO/IEC 20000, COBIT, ITIL, NIST, NESA, ADAA, Dubai ISR guidelines.