IT audits for auditors

As an auditor, you need a partner who checks and analyzes the security of the company's IT systems for risks, particularly with regard to the availability, confidentiality and integrity of company information. This is because one of your primary tasks is to certify the integrity of the financial figures in your client's accounting, annual financial statements, management reports and similar documents. In this context, the forecast you prepare for your client's company also includes statements on the availability of the accounting-related IT systems.

We, GINDAT GmbH, carry out IT audits tailored to the needs of auditors. Your benefit: You receive the necessary expertise on the risks posed by IT systems to your clients' companies as well as recommendations with measures to remedy IT threats. As part of the audit of the annual financial statements, we help you to assess the correctness of the accounting with regard to the client's IT-supported accounting system.

In our structured approach, we adhere strictly to the legal requirements applicable to auditors. In particular, we support you in complying with

  • the HGB, AO and UStG
  • risk management (MaRisk) in compliance with the requirements of ISO 27001
  • the General Data Protection Regulation (GDPR), taking into account the basic protection manual of the Federal Office for Information Security (BSI) in accordance with ISO 27001 and ISO 27002 as well as the creation of a procedure directory, the appointment of an external data protection officer and the technical and organizational measures together with the identification of potential for improvement.
  • last but not least, auditing standards of the Institute of Public Auditors in Germany (IDW), e.g. principles of proper reporting in audits of financial statements (IDW PS 450), auditing of financial statements when using IT technologies (IDW PS 330) with the aim of a factual risk assessment with regard to IT-related audit areas (more on this immediately below)
  • the digital tax audit (GoBD), see below

IDW PS 330

Content and area of application

The Institut der Wirtschaftsprüfer in Deutschland e.V. (IDW) publishes the "IDW Auditing Standard: Audit of Financial Statements with the Use of Information Technology (IDW PS 330)". This auditing standard is used by auditors in audits of financial statements if the accounting of the respective company is carried out using information technology.

Procedure

We assist auditors in assessing the internal control system for its appropriateness and effectiveness in relation to inherent risks in the accounting-related IT systems. We proceed as follows:

  • Recording of the IT system to assess the IT control system
  • Structural testing of the IT control system
  • Functional test of the IT control system

To this end, we review the IT risk management system in place and its processes for identifying and analyzing IT risks. The following IT risk indicators are used for this purpose:

  • Dependence on IT (degree of automation, system complexity and sensitivity of data)
  • Change processes (project management, customizing, process reengineering through new IT)
  • Know-how and resources (required specialist knowledge, user awareness)
  • Business orientation of the company and its IT

IDW PS 330 offers its own tests for assessing the risk indicators. In particular, a separate chapter is dedicated to the risk of IT outsourcing. Finally, the security of the IT control system itself and the IT supporting the audit must be assessed. The test criteria are completeness, timeliness, order, traceability and immutability.

Certification

After a successful audit, in which we support you, you will be awarded the TÜV IT certificate.

GoBD - Principles for the proper keeping and storage of books, records and documents in electronic form and for data access

We offer the necessary expertise to prepare for the digital tax audit (GoBD). To this end, we check and analyze the current status of data storage. Based on this knowledge, you can assess the tax relevance of the data and its retention. Specifically, we support your client with

  • lawful document archiving,
  • document management systems (DMS),
  • archiving of electronic mail,
  • storage of digital documents for cash transactions,
  • qualified electronic signatures,
  • electronic invoices and electronic data interchange (EDI),
  • implementation of e-balance sheet requirements.
