Limit search to:
reset

Audits & Assessment

in the IT-Environment

The ongoing digitalization entails wide-ranging social change which is accelerated by the Corona crisis.


This change has enormous implications for our daily life and even more so for IT-organizations. The implications affect current infrastructures and processes as well as people who bear the brunt for putting the digitalization into practice. Compliance officers are more challenged than ever because they must ensure full compliance with legal regulations – completely independent of rapid technological advancement. Let us tackle this complex topic together to operate successfully in the digitalized world.

Our service

A continuous and accelerated advancement of IT-technologies accompanies the digitalization. Hardly a day passes without the announcement of a “next big thing”.

This leads to many questions that entail numerous uncertainties and unknowns. How can technological change and the digitalization be reconciled with existing legal regulations? Which business-risks result from the increasing dependence upon technology? Are organizations and processes ready for new technological developments and organizational structures?

Finding the right answers often proves difficult for IT-responsible and IT-auditors. AWK combines broad expert-knowledge with audit & assessment methodology and will competently support you in searching for the right answers.

Stefan Preuss

Senior Manager

tech-driven Audits & Assessments

+41 58 123 98 69

stefan.preuss@awk.ch

Central challenges of the internal audit
in the IT environment

Get in touch with IT Resilience

  • The availability of IT services is critical for any type of business.
  • Failures with customer impact cause financial damage and loss of reputation on the customer side.
  • In addition to classic business continuity, service resilience is gaining in importance.

Auditing Security

  • The effectiveness of the security processes and tools is the central object of the IT audit.
  • The assessment of the security organisation and its ability to address threats is essential.
  • Security as a 2nd line function is a cooperative organisation and complements the IT audit with its own audit activities or is a joint audit partner.

Face Emerging Technologies

  • Digitalisation encompasses all topics that actively influence processes, infrastructures and organisation
  • Increases the degree of IT dependency of the business
  • Emerging technologies such as artificial intelligence change the risk exposure

Mind the regulatory gap

  • IT processes are oriented towards standards (ITIL, COBIT)
  • Current regulatory and compliance requirements are to be mapped in technical reality
  • DSG revision part 2 must be implemented in practice
  • Adaptation of IT control frameworks in the agile environment as well as validity checks

Trend-Radar tech-driven Audits

653582_RebuildgraphicasSVG_021720

Always On

Consulting / Latent Audit Issues

1.Architecture & Strategy

Auditfokus-Ausfallbereiche

2.Virtualisation

3.Storage

4.Network

5.Operating systems

6.Hardware

Rolling/Standard Audits

7.Application layer

8.Data center

9.Business continuity process

10.Control systems (STADA)

Cyber Security

Consulting / Latent Audit Issues

11.Forensic toolset

12.Functionality SOC

Audit focus

13.Crisis responsiveness

14.CSIRT-Capabilities

15.Security Reporting

Rolling/Standard Audits

16.Security compliance audit (joint audits)

17.Access rights

Digitalisierung

Consulting / Latent Audit Issues

18.Quantum Computing

19.(Decision) Algorithms

20.Shadow-IT

21.Comatose virtual servers

Audit focus

22.Digitalisation strategy

23.Shift2Online (portals, CRM)

24.(Robotic) Process Automation

25.Cloudification

26.Big Data Analytics

27.M&A / Venturing

Rolling/Standard Audits

28.Agile control systems

29.Digitisation projects

30.Agile organisation

31.API (application programming interface)

Data Governance

Consulting / Latent Audit Issues

32.Data Privacy Impact Assessments (DPIA)

Audit focus

33.Policies, directives, GTCs

34.ADV compliance / contractual obligations

35.Organisation & Roles & Culture

Rolling/Standard Audits

36.Data handling processes

37.Assessment of data types and storage locations

38.Data classification

39.Technical-organisational measures (TOM)

40.Audit 3rd party service provider

Where you can meet us

ISACA Conference Europe

Hybrid
20.10.2021 - 22.10.2021
IT auditors, security experts and solution providers meet at the event and exchange information on current developments.

Our methods and products

Emergency Services

Emergency Services

There is an always-on expectation for critical IT services. Nevertheless, failures can happen at any time, as no technology works smoothly all the time or from the beginning. Failures require a sound root cause analysis to identify the root causes and act quickly.

There is an always-on expectation for critical IT services. Nevertheless, failures can happen at any time, as no technology works smoothly all the time or from the beginning. Continuous releasing means that changes are constantly being introduced that alter the existing applications. This results in instabilities or unusual application behaviour.

Any company can be affected by IT emergencies and suffer losses and damage as a result. Likewise, projects, the central heart of digitalisation, can get into trouble. In both cases, the goal must be to return to a working state as quickly as possible. This requires a comprehensive root cause and failure analysis. This is the only way to introduce effective countermeasures that prevent the same mistake from happening again!

In such emergency situations, the AWK Group can support you not only quickly and with technological competence, but also independently from a neutral assessment position and successfully master the crisis together with you. We show you where action is needed and develop recommendations on how you can sustainably improve the situation.

IT-Revision

IT-Revision

Digitalisation presents internal auditing with new tasks. Which topics are critical to success, which expertise must be available in-house and how can the board of directors be competently supported in the performance of its duties?

Internal auditing is responsible for protecting corporate values and ensuring compliance with legal and internal requirements. The wave of technology that accompanies digitalisation presents traditional IT auditing with challenges that are almost impossible to solve. On which topics must it focus, what expertise must be available in-house and how can the board of directors be competently supported in the performance of its duties?

We are increasingly observing the return of the "classic IT auditor" from the 1980s. This is highly specialised and can only be used for selected topics, such as Cisco networks or virtualisation technologies. Today, the required range of specialisation can often no longer be fully covered by internal IT auditing. This results in the requirement to either involve internal subject matter experts or to build up external expert networks. AWK offers you specialists who are not only proficient in a wide range of technologies, but are also familiar with modern audit methods.

Digital Check
(IT Infrastruktur Check)

Digital Check (IT Infrastruktur Check)

How well is your company positioned for digital transformation?

Today, digitalisation affects companies of all sizes across all industries. The associated changes in many different areas of the company are noticeable every day and have an impact on the long-term competitiveness of a company. The question of what this development means for a company and how well it is positioned for its digital transformation is therefore highly relevant.

Digital readiness describes the ability of an organisation to help shape the digital shift and digital transformation by developing digital innovations and disruptive digital business models. With the Digital Readiness Check, the maturity level of an organisation can be determined on several levels.

As part of the analysis, organisations learn, for example,

  • how systematically and concretely digital strategies are formulated and communicated across hierarchical levels.
  • how well marketing is aligned with the needs and customer journeys of digital customers.
  • which digital skills employees have and how these can be optimally promoted through targeted training.
  • how agile the organisation with its current structures can react to the change and to what extent the corporate culture drives the digital transformation.


The AWK Group analyses your digital readiness, identifies where there is a need for action and derives concrete measures from this together with you so that you can successfully drive forward the digital transformation step by step. At the same time, we can support you in assessing the future viability of your IT infrastructure and the associated services in a changing technological environment and show you industry-specific or cross-industry recommendations for action.

IT Compliance Framework

IT Compliance Framework

Legal requirements and technical reality often diverge widely. How can you still meet today's IT compliance requirements?

In companies that use agile methods, two worlds collide: on the one hand, IT compliance requires adherence to external laws, internal rules and regulations or contracts. In essence, this means above all having IT under control in accordance with the law. On the other hand, agile methods and organisational forms are increasingly pushing their way into everyday business and increasing the speed of change in IT.

The current Swiss data protection law dates back to 1993 and will hopefully be finally revised this year. However, even then there will still be many grey areas in which compliance officers will have to develop their own understanding and risk awareness.

The only slowly changing compliance requirements are confronted with self-organising teams that want to individually shape the interaction via processes and tools. Companies that use agile methods are therefore well advised to combine both approaches in a targeted manner.

Our competent and experienced consultants can support you in creating an agile IT compliance framework. Our focus is on effective controls that both ensure compliance with legal requirements and guarantee a sensible, financial allocation of resources.

Digital projects

Digital projects

Projects are at the heart of digital transformation.

Projects are at the heart of digital transformation. Given the investments made by organisations in the introduction of new applications and cloudification, there is rightly a high expectation of corresponding projects and their delivery results. Nevertheless, we regularly see projects in disarray. The reasons for this are manifold and range from classic project management issues to unexpected technological challenges to underestimating the impact on ongoing operations associated with project implementation.

In order to safeguard the investments made, it is necessary in such cases to quickly identify the causes and define sensible countermeasures in a timely manner. Based on our Go2Green methodology and our organisation- and technology-neutral assessment position, we can provide you with a sound decision-making basis for dealing with corresponding situations within a short time.

3rd Party Supplier

3rd Party Supplier

In digital businesses, collaboration with external service providers around the use of the right technologies, resources or expertise plays a central role.

In digital companies, cooperation with external service providers plays a central role, as they are able to provide crucial technologies, resources or expertise in a timely manner - regardless of whether the service provider is strategically integrated or a pool of service providers provides the required services. Such cooperations bring numerous advantages. At the same time, however, they increase the risk exposure of companies to these service providers, whether through dependence on critical know-how or increased requirements due to data protection legislation.

AWK has extensive experience in sourcing service providers and can not only identify potential dependencies and risks with 3rd party assessments, but also provide practical recommendations for action that support your procurement processes.

Due Diligence
Merger & Acquisition
Startup Integration

Due Diligence / Merger & Acquisition / Startup Integration

The upheavals in IT are driven by the large market providers. However, the majority of innovation is generated by small innovative companies and service providers.

The upheavals in IT are driven by the large market providers. However, the majority of innovation is generated by small innovative companies and service providers. Meanwhile, many of these companies are looking into M&A, corporate venturing or cooperations in order to have the best new technologies available for their own business model.

However, sooner or later the question arises whether the new technology fits into the existing IT landscape. It is also important to clarify whether the organisation can handle the planned integration and how much effort will be required for the associated process harmonisation.

Since start-ups also operate independently of regulatory requirements or compliance restrictions, existing deficits often only come to light when they are taken over into regular operations. This is usually too late. In order to protect investments and safeguard the functionality of a platform and the quality of its implementability, the fulfilment of these requirements should be ensured at an early stage.

With an organisation- and technology-neutral assessment, AWK supports internal managers in making the right decisions in this context.

Digitalisation strategy for internal audit departments

Digitalisation strategy for internal audit departments

Internal audits are exposed to increasing pressure to be efficient and have to fulfil their task with fewer and fewer resources. This development requires a rethink and new strategies.

The question of what amounts are invested in the digitalisation of the audit departments cannot be answered in most cases. Yet it is precisely the audit departments that are called upon to provide a counterweight to corporate developments, to critically point out risks and to provide qualified support to the board of directors in its tasks.

Our observations show, however, that internal auditors are not only exposed to increasing pressure to be efficient, but also have to fulfil their task with fewer and fewer resources.

In short, audit departments also need a digital agenda and must adapt their strategy to the changing conditions in their environment. Strategy development with experienced experts from AWK supports the maintenance of internal audit's effectiveness in the context of digital transformation.

Decision-making algorithms

Decision algorithms - governance, framework, bias identification, testing

By using artificial intelligence (AI), companies can significantly increase the efficiency and quality of their processes.

Artificial intelligence (AI) can significantly improve process efficiency and quality in companies. Decision support with the help of artificial intelligence is the most important driver of the second wave of digitalisation.

The use of machine learning methods and decision algorithms will have a lasting impact on everyday life. It is important not only to look at AI from a technology perspective, but also to align it with regulations and compliance in the long term and to anticipate changes in regulations at an early stage. At present, the legal framework is still weak. However, in a resolution passed with a large majority, the European Parliament calls for comprehensive laws for robots and artificial intelligence at EU level.

Via the equivalence principle, which ensures the comparability of the legal framework conditions between the EU and Switzerland, these requirements will also have an effect at the Swiss level.

Contact form

We use cookies to provide you with an optimal user experience. By continuing to use our website, you consent to the use of cookies. Please consult our privacy policy if you wish to learn more about this.