
Audits & Assessment
The ongoing digitalization entails wide-ranging social change which is accelerated by the Corona crisis.
This change has enormous implications for our daily life and even more so for IT organizations. The implications affect current infrastructures and processes as well as the people who bear the brunt of putting digitalization into practice. Compliance officers are more challenged than ever because they must ensure full compliance with legal regulations, regardless of rapid technological advancement. Let us tackle this complex topic together to operate successfully in the digitalized world.
Central challenges of the internal audit in the IT environment
Get in touch with IT Resilience
- The availability of IT services is critical for any type of business.
- Failures with customer impact cause financial damage and loss of reputation on the customer side.
- In addition to classic business continuity, service resilience is gaining in importance.
Auditing Security
- The effectiveness of the security processes and tools is the central object of the IT audit.
- The assessment of the security organisation and its ability to address threats is essential.
- Security as a 2nd line function is a cooperative organisation and complements the IT audit with its own audit activities or is a joint audit partner.
Face Emerging Technologies
- Digitalisation encompasses all topics that actively influence processes, infrastructures and organisation
- Increases the degree of IT dependency of the business
- Emerging technologies such as artificial intelligence change the risk exposure
Mind the regulatory gap
- IT processes are oriented towards standards (ITIL, COBIT)
- Current regulatory and compliance requirements are to be mapped in technical reality
- DSG revision part 2 must be implemented in practice
- Adaptation of IT control frameworks in the agile environment as well as validity checks
Trend-Radar tech-driven Audits
Always On
Consulting / Latent Audit Issues
1. Architecture & Strategy
Audit focus: failure areas
2. Virtualisation
3. Storage
4. Network
5. Operating systems
6. Hardware
Rolling/Standard Audits
7. Application layer
8. Data center
9. Business continuity process
10. Control systems (STADA)
Cyber Security
Consulting / Latent Audit Issues
11. Forensic toolset
12. Functionality SOC
Audit focus
13. Crisis responsiveness
14. CSIRT-Capabilities
15. Security Reporting
Rolling/Standard Audits
16. Security compliance audit (joint audits)
17. Access rights
Digitalisation
Consulting / Latent Audit Issues
18. Quantum Computing
19. (Decision) Algorithms
20. Shadow-IT
21. Comatose virtual servers
Audit focus
22. Digitalisation strategy
23. Shift2Online (portals, CRM)
24. (Robotic) Process Automation
25. Cloudification
26. Big Data Analytics
27. M&A / Venturing
Rolling/Standard Audits
28. Agile control systems
29. Digitisation projects
30. Agile organisation
31. API (application programming interface)
Data Governance
Consulting / Latent Audit Issues
32. Data Privacy Impact Assessments (DPIA)
Audit focus
33. Policies, directives, GTCs
34. ADV compliance / contractual obligations
35. Organisation & Roles & Culture
Rolling/Standard Audits
36. Data handling processes
37. Assessment of data types and storage locations
38. Data classification
39. Technical-organisational measures (TOM)
40. Audit 3rd party service provider
Where you can meet us
ISACA Conference Europe
20.10.2021 - 22.10.2021
Our methods and products
Emergency Services
There is an always-on expectation for critical IT services. Nevertheless, failures can happen at any time, as no technology works smoothly all the time or from the beginning. Continuous releasing means that changes are constantly being introduced that alter the existing applications. This results in instabilities or unusual application behaviour.
Any company can be affected by IT emergencies and suffer losses and damage as a result. Likewise, projects, the central heart of digitalisation, can get into trouble. In both cases, the goal must be to return to a working state as quickly as possible. This requires a comprehensive root cause and failure analysis. This is the only way to introduce effective countermeasures that prevent the same mistake from happening again!
In such emergency situations, the Eraneos Group can support you quickly and with technological competence, and also independently, from a neutral assessment position, so that we master the crisis together with you. We show you where action is needed and develop recommendations on how you can sustainably improve the situation.
IT Audit
Internal auditing is responsible for protecting corporate values and ensuring compliance with legal and internal requirements. The wave of technology that accompanies digitalisation presents traditional IT auditing with challenges that are almost impossible to solve. On which topics must it focus, what expertise must be available in-house and how can the board of directors be competently supported in the performance of its duties?
We are increasingly observing the return of the "classic IT auditor" from the 1980s. This auditor is highly specialised and can only be used for selected topics, such as Cisco networks or virtualisation technologies. Today, the required range of specialisation can often no longer be fully covered by internal IT auditing. This results in the requirement to either involve internal subject matter experts or to build up external expert networks. Eraneos offers you specialists who are not only proficient in a wide range of technologies, but are also familiar with modern audit methods.
Digital Check (IT Infrastructure Check)
Today, digitalisation affects companies of all sizes across all industries. The associated changes in many different areas of the company are noticeable every day and have an impact on the long-term competitiveness of a company. The question of what this development means for a company and how well it is positioned for its digital transformation is therefore highly relevant.
Digital readiness describes the ability of an organisation to help shape the digital shift and digital transformation by developing digital innovations and disruptive digital business models. With the Digital Readiness Check, the maturity level of an organisation can be determined on several levels.
As part of the analysis, organisations learn, for example,
- how systematically and concretely digital strategies are formulated and communicated across hierarchical levels.
- how well marketing is aligned with the needs and customer journeys of digital customers.
- which digital skills employees have and how these can be optimally promoted through targeted training.
- how agile the organisation with its current structures can react to the change and to what extent the corporate culture drives the digital transformation.
The Eraneos Group analyses your digital readiness, identifies where there is a need for action and derives concrete measures from this together with you so that you can successfully drive forward the digital transformation step by step. At the same time, we can support you in assessing the future viability of your IT infrastructure and the associated services in a changing technological environment and show you industry-specific or cross-industry recommendations for action.
IT Compliance Framework
In companies that use agile methods, two worlds collide: on the one hand, IT compliance requires adherence to external laws, internal rules and regulations or contracts. In essence, this means above all having IT under control in accordance with the law. On the other hand, agile methods and organisational forms are increasingly pushing their way into everyday business and increasing the speed of change in IT.
The current Swiss data protection law dates back to 1993 and will hopefully be finally revised this year. However, even then there will still be many grey areas in which compliance officers will have to develop their own understanding and risk awareness.
Compliance requirements, which change only slowly, are confronted with self-organising teams that want to shape their interaction individually via processes and tools. Companies that use agile methods are therefore well advised to combine both approaches in a targeted manner.
Our competent and experienced consultants can support you in creating an agile IT compliance framework. Our focus is on effective controls that both ensure compliance with legal requirements and guarantee a financially sensible allocation of resources.
Digital projects
Projects are at the heart of digital transformation. Given the investments made by organisations in the introduction of new applications and cloudification, there is rightly a high expectation of corresponding projects and their delivery results. Nevertheless, we regularly see projects in disarray. The reasons for this are manifold and range from classic project management issues to unexpected technological challenges to underestimating the impact on ongoing operations associated with project implementation.
In order to safeguard the investments made, it is necessary in such cases to quickly identify the causes and define sensible countermeasures in a timely manner. Based on our Go2Green methodology and our organisation- and technology-neutral assessment position, we can provide you with a sound decision-making basis for dealing with corresponding situations within a short time.
3rd Party Supplier
In digital companies, cooperation with external service providers plays a central role, as they are able to provide crucial technologies, resources or expertise in a timely manner - regardless of whether the service provider is strategically integrated or a pool of service providers provides the required services. Such cooperations bring numerous advantages. At the same time, however, they increase the risk exposure of companies to these service providers, whether through dependence on critical know-how or increased requirements due to data protection legislation.
Eraneos has extensive experience in sourcing service providers and can not only identify potential dependencies and risks with 3rd party assessments, but also provide practical recommendations for action that support your procurement processes.
Due Diligence / Merger & Acquisition / Startup Integration
The upheavals in IT are driven by the large market providers. However, the majority of innovation is generated by small innovative companies and service providers. Meanwhile, many of these companies are looking into M&A, corporate venturing or cooperations in order to have the best new technologies available for their own business model.
However, sooner or later the question arises whether the new technology fits into the existing IT landscape. It is also important to clarify whether the organisation can handle the planned integration and how much effort will be required for the associated process harmonisation.
Since start-ups also operate independently of regulatory requirements or compliance restrictions, existing deficits often only come to light when they are taken over into regular operations. This is usually too late. In order to protect investments and safeguard the functionality of a platform and the quality of its implementability, the fulfilment of these requirements should be ensured at an early stage.
With an organisation- and technology-neutral assessment, Eraneos supports internal managers in making the right decisions in this context.
Digitalisation strategy for internal audit departments
The question of what amounts are invested in the digitalisation of the audit departments cannot be answered in most cases. Yet it is precisely the audit departments that are called upon to provide a counterweight to corporate developments, to critically point out risks and to provide qualified support to the board of directors in its tasks.
Our observations show, however, that internal auditors are not only exposed to increasing pressure to be efficient, but also have to fulfil their task with fewer and fewer resources.
In short, audit departments also need a digital agenda and must adapt their strategy to the changing conditions in their environment. Strategy development with experienced experts from Eraneos supports the maintenance of internal audit's effectiveness in the context of digital transformation.
Decision algorithms - governance, framework, bias identification, testing
Artificial intelligence (AI) can significantly improve process efficiency and quality in companies. Decision support with the help of artificial intelligence is the most important driver of the second wave of digitalisation.
The use of machine learning methods and decision algorithms will have a lasting impact on everyday life. It is important not only to look at AI from a technology perspective, but also to align it with regulations and compliance in the long term and to anticipate changes in regulations at an early stage. At present, the legal framework is still weak. However, in a resolution passed with a large majority, the European Parliament calls for comprehensive laws for robots and artificial intelligence at EU level.
Via the equivalence principle, which ensures the comparability of the legal framework conditions between the EU and Switzerland, these requirements will also have an effect at the Swiss level.