IT Audit and Assurance
Information systems strengthen an organisation’s financial and operational processes. Due to increasing IT infrastructure demands, persistent IT security threats, constantly changing business conditions and the need to comply with legislations and regulations that disrupt business operations, the need for IT and information assurance becomes vital.
Grant Thornton's IT Audit services are built to address concerns in company operations, processes and systems. We create business solutions that can help your organisation mitigate risks, support the company and its business objectives, promote efficiency and effectiveness and improve IT internal controls. This can include understanding of the organisation’s strategic, operational, reporting and compliance of the company’s IT investments to improve IT governance processes, IT risk management and strengthen security. Our services focus on identifying and assessing IT-related controls, review of IT processes, and information systems including Financial Reporting and Accounting Systems.
Our team also conducts IT audits as part of the financial audits which help an organisation to manage and respond to risks. This plays a critical role in helping the audit team and our clients understand IT risks and how they impact the business and financial reporting. The audit covers IT General Controls, IT Application Controls, Data Migration reviews, Journal Entry testing of different systems ranging from leading ERP Systems such as SAP, Oracle, Unit4, Sage, Microsoft Dynamics and NetSuite, to in-house applications created by the clients.
MGA System and Compliance Audit: our team can conduct system and compliance audits as part of the Malta Gaming Authority (MGA) licensing requirements and compliance reviews aimed at ensuring that operational and business controls are effective in terms of the Gaming Act (Cap.583) on behalf of the MGA, for which we are approved System and Compliance Auditors.
IT Audit in External Audit: Grant Thornton's IT Audit team can assist the audit team by providing assurance that the systems and applications used for the financial statements reporting are securely controlled and the related risks of error and fraud are minimised. Thanks to the experience we have gained from various advisory engagements, we can assist the audit team with understanding of complex ERP systems and specific industry processes, quickly identify key controls (including banking, insurance, manufacturing, gaming, payment institution) and understand where risks are most likely to exist.
Third Party Assurance Review (SOC): our team can help clients in obtaining service auditor reports against ISAE3402 and SSAE 16 frameworks. We can also assist in understanding and enhance awareness and communicate the implications of a service auditor report. We can then facilitate the identification of in-scope control objectives and associated control activities before performing a gap analysis and present several type 1 and type 2 ISSAE reports for the different parts of your business.