Technology assurance

IT assurance (audits) is the examination and evaluation of an organisation's information technology infrastructure, applications, strategies, policies, procedures and standards. IT audits determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business's overall strategy and objectives.

An IT audit (also called an information systems audit) is today an integral part of an external and internal audit. Our IT audit services are geared towards providing our clients with robust independent assurance that their IT risks, key management (governance) priorities and core systems are being appropriately managed. Engagements can range from where we express an audit opinion (e.g. under international standards like International Standard on Assurance Engagements (ISAE) 3402 / 3000) to agreed-upon-procedures (e.g. under the International Standard on Related Services) where we simply report on risks and control weaknesses found.

BDO South Africa has a dedicated team of career IT auditors that can support your organisation with the skills and experience you require. Whether it’s a co-sourced or fully outsourced assignment, our team of dedicated professionals can deliver.

For IT-specific audit assignments the methodology not only draws from the COBIT framework, but also other international standards and frameworks, where necessary.

BDO provides the following IT assurance services:

IT Governance (King IV) audits

During our IT Governance audits, BDO normally covers the following aspects: strategic alignment, value delivery, risk management, resource management, and performance measurement.

General IT control, business process and application control audits

General IT controls are designed to protect critical business applications of an organisation. A general IT controls audit examines and evaluates a number of security, change control and data / system availability controls.

Business process and application controls are automated and manual procedural controls over data input, processing and output. Application controls are automated process controls and are designed to protect the validity and integrity of business data in an organisation’s application. An application controls audit examines and evaluates several data inputs, processing and output controls.

Privacy audits (POPI, PAIA & GDPR)

BDO’s privacy audits focus on compliance with both the regulations of the Protection of Personal Information (POPI) Act and the Promotion of Access to Information (PAIA) Act – acts that have been promulgated to protect South African citizens’ personal information. In cases where an organisation also processes European Union (EU) citizens’ personal data, the audit should include compliance verification with General Data Protection Regulation (GDPR) as well.

Project assurance and/or system development and implementation (systems development life cycle (SDLC)) audits

Organisations developing new systems or implementing off-the-shelf systems should not only enforce a sound project management methodology but also follow a customised SDLC methodology to ensure that the new system will be implemented within time, budget, and providing the needs of the business – at an operational and strategic level. A SDLC audit examines and evaluates several best practices.

Revenue assurance

Revenue assurance is considered a process whereby verification of the completeness, accuracy and integrity of the capturing, recording, billing and reporting of all billable events occurs. This is an end-to-end process from customer entry through to the collection or the revenue.

IT Strategy audit

We assess your IT strategy in terms of alignment to overall business objectives and goals, and how well resourced it is to be executed and implemented effectively, and how realistic the underlying roadmap is.