IT Audit & Advisory

For most if not all organizations, IT (Information Technology) is a key driver for achieving business objectives. New technologies and IT new business models, such as Cloud Computing, Outsourcing, Bring Your Own Device, but also ‘simpler’ developments like automating existing manual processes, data conversions and upgrading existing systems contribute to the organization’s objectives but also bring new risks or increase existing risks.

With our IT Audit & Advisory services we support you in managing the IT risks effectively and efficiently.

What we offer

We perform an independent assessment of the risks and controls related to your IT organization and supporting processes and provide actionable recommendations for improvements.

Starting point in our approach is to understand the business challenges related to IT. Examples of questions that will facilitate this process are:

  • Are the users satisfied with the quality of IT and IT services?
  • Are you aware of all (relevant) IT risks and are you managing these adequately?
  • Are you managing the IT costs properly and are you spending the IT budget adequately?
  • How dependent are you on IT and do you have sufficient and adequate back-up and contingency plans?

The answers on these questions will be translated to IT related objectives which will subsequently be assessed.

Assurance reports

Is your organization requested to provide an assurance report (ISAE 3402 or ISAE 3000)? These assurance reports and the activities to be performed to deliver the reports need to follow the standards of the International Federation of Accountants (IFAC).

As we understand the formal aspects of these standards we support you in this journey to deliver an assurance report; this includes knowledge transfer to your organization, managing the relationship with the external auditor as well as setting realistic timelines.

For questions please contact us.

Take aways 

  • Set up a project charter that will take effect preferable during feasibility but ultimately during design
  • Write a business case and problem statement
  • Define scope of the project
  • Define objectives and goals of the project
  • Involve stakeholders and define priorities
  • Set measurable milestones
  • Ensure that the right sponsors provide buy-in.
  • Identify (project) risks and how to manage them
  • Jointly validate and refine the project plan and develop a roadmap to success
  • Hold regular meeting to track progress of the various work streams

We combine technical knowledge with industry understanding and knowhow of technologically advanced tools and methodologies available in the market or developed by ourselves.

  • Focus on business processes that could be improved
  • Perform As-Is assessment
  • Anticipate future changes
  • Define scope and actions for short, mid and long term
  • Write business case for change
  • Realize sponsorship for implementation


Technology-related risk: understand and address the potential harms and benefits of (new) technology.

Privacy is high on the priority list of organizations nowadays, not only because of the more stringent laws and regulations, but also because of the significant impact financially and on a company’s reputation in the market and competitive position especially if complying with regulations is a competitive advantage.

We understand the language of the business as well as IT.