IT audit & assurance

As technology evolves, so too do the risks to organisations. No matter what the size of your charity, it is essential that your management and Board members can be assured that the measures in place are sufficiently robust to minimise risks.

Our IT assurance specialists keep their knowledge fully up to date so that we can be responsive to emerging technology and the related risks.

While traditionally IT assurance was sought for access controls, the significant increase in IT expenditure as a proportion of overall expenditure means that assurance is also required for strategic and operational elements of IT. This allows you to determine whether your charity’s investment in IT (technology, process and people) is delivering value for money and business benefits.

How we can help

We can help your charity to examine the effectiveness of the technical and procedural controls of your IT systems and networks in order to minimise risk and accurately forecast and anticipate future requirements.

We can also help in determining the effectiveness of IT operations within a charity to assess its compliance with IT best practice standards and frameworks.

Our IT assurance services provide:

  • Reinforcement of your charity’s risk appetite.
  • Help in identifying the IT systems and operations which present the greatest potential operational risks to your charity.
  • Assurance in respect of compliance with relevant legislation and regulations to safeguard assets by instituting effective internal controls.
  • Provide advice on how to improve management controls

Our approach

Our services can be delivered as a stand-alone assignment or as part of a planned programme of IT assurance activity. We can provide assistance to your in-house team or can act in the capacity of an in-house team working in tandem with your internal audit team.

We adopt a risk based approach to ensure that our work addresses the key risks to the organisation and apply IT best practice standards and frameworks to recognise organisational and resource constraints, such as:

  • COBIT (Control Objectives for IT)
  • ITIL (IT Infrastructure Library)
  • ISO20000 (International IT Service Management standard)
  • ISO27000 (International Information Security standard)
  • PRINCE2 for project management assignments

On completion you will receive a tailored report which identifies areas of good practice and areas for improvement. For each area of improvement, we will produce an action plan that identifies the controls that require to be implement to reduce risk to a level consistent with management’s risk appetite and which is aligned with best practice.