The role of IT auditing within governance and assurance
In modern organizations, IT auditing is no longer a separate discipline, but an integrated part of governance and assurance. Digital dependency makes reliability of systems directly related to reliability of financial and operational reporting.
Our IT auditors examine how IT processes are set up and to what extent they guarantee data quality, continuity and compliance. Among other things, they analyze the design and operation of IT governance, change management procedures, authorization management, data integrity, and the availability of systems.
ARC People's IT audit expertise is typically deployed on an interim basis, for a period of time or for a defined audit project. For many clients we have also become a permanent addition to their own permanent team, in the form of co-sourcing.
Our approach: from IT governance to continuous auditing
Our approach combines technical depth with a risk-based audit methodology. ARC People's IT auditors have extensive experience with IT general controls (ITGC), application controls and the use of data analytics within audits. They assess not only the operation of individual controls, but also the connection between IT, processes and human actions.
In organizations with mature IT environments, we are increasingly focusing on continuous monitoring and audit automation. This allows real-time monitoring of deviations in systems and faster identification of risks. This form of digital assurance provides directors with up-to-date insights into the level of control and contributes to a culture of continuous improvement.
In-depth IT topics within our audits
The issues organizations approach us with are becoming broader and more complex. IT auditing today touches diverse domains, from cyber resilience to data privacy. For example, we test the effectiveness of control measures in the context of the NIS2-Directive and the DORA-Regulation, looking at how organizations have designed and tested their digital resilience.
An important part of this is cyber recovery: the ability to restore systems and data quickly and in a controlled manner after an attack. Our auditors assess whether recovery strategies are realistic and whether backup procedures are actually tested. This ties in with our ransomware readiness studies, where we analyze how organizations can detect, isolate and mitigate incidents before critical processes fail.
Cloud risk assessments are also taking hold within IT auditing. More and more business processes run in hybrid or full cloud environments, shifting dependencies from internal IT departments to external providers. We assess how organizations manage these dependencies and whether the right contractual, technical and organizational safeguards are in place.
We also apply advanced data analysis and process mining to gain insight into data flows, process anomalies and unusual patterns. These techniques enhance both audit effectiveness and efficiency. They allow audits to be fully data-driven and processes to be tracked over extended periods of time.
Finally, in our IT audits we pay structural attention to information security within the supervisory framework of the Nederlandsche Bank (DNB) and to compliance with privacy legislation such as the AVG. These perspectives ensure that our audits meet both the requirements of regulators and the expectations of customers, shareholders and other stakeholders.
Why organizations choose ARC People
Our clients are diverse, but share one need: assurance about their digital controls. Hiring managers with us can range from a Head of Internal Audit seeking temporary IT audit capacity or specific expertise, to a CISO in need of an expert professional around cyber resilience, or a Partner of an accounting firm seeking additional IT audit support for the annual audit. They typically choose ARC People because of our seniority, expertise and fair rates.
Our IT audit & risk experts are active within professional groups of NOREA, the professional organization for IT auditors in the Netherlands, where they contribute to the further development of the field. Thanks to this involvement, we have direct access to the latest insights around digital assurance, data analysis, AI applications and IT governance. Our clients benefit from this combination of academic foundation and practical applicability: the findings are technically based, but always focused on what makes a difference in practice.
Training 'IT Audit: the basics'
We also offer an IT audit training. A basic training for audit and risk professionals who are going to start in the IT audit field, or who already have some experience in it.
More information on this topic
Are you interested in learning more about this topic? If so, please contact me or one of my colleagues. We are ready to answer your questions and help you further.
Our expert team, with years of experience, is ready to support you and offer personalized advice tailored to your specific situation. We strive to respond to your inquiries as quickly as possible so that you are always helped quickly.
