The increasing flexibility and dynamism of IT provides more opportunities to respond to the needs of organisations, employees and stakeholders. A growing number of systems are accessed via the internet and cloud computing, regardless of time and location.
The growing complexity and dynamics, as well as the deeper need to understand the impact of this development, also affects the traditional way of auditing. This is increasingly driven by IT.
This means extensive use is made of that part of the internal control system that is located in an ERP application or in several systems that are linked to each other in a certain way.
In order to actually be able to rely on the part of the internal control system that is located in an application, a so-called system audit must be performed. This implementation starts with a process. A risk arises from a process in which a control measure covers a risk. A system of internal control is necessary to ensure reliable and verifiable automated data processing. This system consists of:
- The generic internal controls, whereby measures do not relate to a specific business process or a specific automated system. These are the so-called ‘General IT Controls’.
- The programmed internal control measures that are included in the applications: ‘application controls’. Examples are the authorisations in systems and status parameters in the system that initiate (financial) entries.
- The manual internal controls implemented by the users, the so-called user controls.
The interplay of these control measures ensures that there is an effectively developed and adequately designed application. It is used to obtain a comprehensive interpretation of the effectiveness and efficiency of internal operations. With this method, it meets the need for an organisation or software supplier to know whether an application has been effectively developed and adequately set up. The system audit can also support the audit of the financial statements of an organisation.
Mazars can help you with
The specialists of IT Audit & Advisory have extensive experience with system audits. For example, as part of a certification of a software supplier, as a conclusion of an implementation (post-implementation audit) or as part of an operational audit by an internal control or internal audit department. We are happy to tell you more about the usefulness of a system audit and how it can be of value to your organisation.
Want to know more?
Do you want to know more? Please contact Gert-Jan Gerrits by e-mail or by telephone: +31 (0)88 277 19 54 or with Jan Matto by e-mail or by telephone: +31 (0)88 277 13 99. They will gladly help you.