Services

IT is no longer just a means to an objective. It is a precursor to digitalisation. This makes it all the more important to ensure that the business processes in the company do not reveal any weaknesses and run efficiently.

An IT audit is a sensible way to gain security. Security that is needed to rely on the systems, the processes and the employees. An IT audit identifies weaknesses in processes and can be used as a basis for improvement.

Within the framework of IT audits or IT auditing, the IT-supported accounting system is assessed to see whether it meets the legal requirements - especially the regularity and security requirements - in order to be able to make statements about the regularity of the accounting. By analysing data, information or findings are obtained that are structured, ordered and presented using various techniques, such as statistical methods, so that the results can serve as a basis for solving problems.

Initial Situation

A WPG performs statutory audits in a complex IT environment.
The IT-supported internal control system is to be assessed.

Problem / Examples

Principles of proper auditing (GoA) require an audit in accordance with IDW PS 330 for audits in complex IT environments.

ITAC Service

Standardized audit designed for 10 controls in accordance with IDW PS 330.
Coordinating appointments and conducting the audit with the client.

Results Report

PowerPoint Report

Initial Situation

A WPG performs statutory audits of financial statements.
In accordance with the GoA, check for any outstanding postings.
To do this, you want to run automated queries over the entire accounting material.

Problem / Examples

Principles of proper auditing (GoB) require the performance of a journal entry test during the audit.

ITAC Service

Standardized, 10-question audit of general ledger entries.

Results Report

Interactive MS Power-BI report with the possibility of own filter functions.
Classic: Word report as summary, Excel files with detailed information.

Initial Situation

You are an audit manager for a statutory audit of an SME or you are a tax advisor of an SME.
The client reveals in discussions that an essential IT project is pending.
Risks relevant to the annual financial statements arise in the course of the IT project.

Problem / Examples

An IT project concerns ERP implementation (e.g. SAP), implementation of a web store, ....
In order to counteract the risks, a project-accompanying audit can be useful.

ITAC Service

Testing adapted to the respective project. This can take place during or after the project.

Results Report

Report PS 850

Initial Situation

The client's accounting-relevant IT or parts thereof are outsourced to service providers. Thus, the latter is obliged to provide evidence of compliance with the regulations.
You are an audit manager and your client takes over the operation of accounting-relevant systems of customers as a service. However, there is no corresponding proof.

Problem / Examples

The client's service provider cannot provide appropriate proof of proper data processing, but the client is interested in it.
Your client would like to submit a SOC report as proof of its service quality.

ITAC Service

Conduct SOC audit and prepare audit report.
If necessary, synergies can be achieved by combining different audit frameworks.

Results Report

Report PS 951
Report ISAE 3402
Report SSAE 18

Initial Situation

You are an audit manager and your client has created its own ERP software with which it processes accounting-relevant data. You want to be sure about the correctness of the accounting. of the accounting.

Problem / Examples

Proof of proper operation of the software is required. E.g. for ERP systems, cash register systems, payroll accounting, financial accounting, etc.

ITAC Service

Conducting the audit according to IDW PS 880 and preparing the audit report.

Results Report

Report PS 880

When implementing your digital finance project, the GoBD are the key benchmark for success.

Initial Situation

You are the audit manager and your client informs you that he no longer wants to keep paper documents and therefore needs to destroy them. He has not yet created any procedural created.
Your client has implemented a DMS and is unsure if they have thought of everything. There are open questions.

Problem / Examples

When digitizing documents, controls must be implemented to comply with the requirements of the GoBD.
Especially in the case of replacement scanning and the introduction of a DMS.
Procedural documentation must be available.

ITAC Service

We examine how the status of GoBD compliance at the client is to be assessed and prepare a review report.
Support in the implementation of digitization processes and in the creation of procedural documentation.

Results Report

Report according to IDW PH 9.860.4
Procedural documentation

Ausgangssituation

You, as the SWIFT user selected for the evaluation requested by SWIFT, have been notified by SWIFT to the CISO.
SWIFT requires users selected for evaluation to appoint an independent third-party (i.e., external) evaluator and to use SWIFT's standard templates for independent evaluation.

Problem / Beispiele

All of the companies participating in the SWIFT network used to settle payment transactions (that is, own a SWIFT BIC) have to meet the security requirements of SWIFT’s own Customer Security Program (CSP).
These requirements were first made public in 2016.

ITAC Dienstleistung

Falk ITAC experts will assist in self-certification for all types of SWIFT connections.
The work includes organization of the process of self-certification, its direct execution, verification of compliance with the mandatory requirements of SWIFT to ensure the IS, as well as supporting the decision-making on compliance with the recommended requirements of SWIFT to ensure the IS.
While assisting in self-certification, Falk ITAC experts will check the information security system of the SWIFT segment, as well as documentation analysis.

Ergebnisbericht

After the Independent External Assessment , FALK ITAC provides the Customer with an interim report in English with recommendations for the fulfilment of the mandatory requirements of the SWIFT CSP Independent Assessment Framework for the provision of IS.
Upon implementation of the recommendations, the Contractor conducts a final independent external evaluation and generates a final report in accordance with the requirements of the SWIFT CSP Independent Assessment Framework in English.
Based on the final report in the KYC-SA Personal Area, the staff of the audited organization shall independently mark the implementation/non-implementation of each of the controls, indicating the type of assessment as "External Assessment" and identifying the auditing organization and its employees.

Initial Situation

Your client needs to prove to its business partners that it has an appropriate and effective data protection management system in place in accordance with the GDPR.

Problem / Examples

Especially for companies in the B2C sector with mass transactions, customer data must be particularly protected.
With an audit in accordance with IDW PH 9.860.1, the legal representatives fulfill their commercial duty of care.

ITAC Service

Performance of a data protection audit in accordance with IDW PH 9.860.1.
Appropriateness test or effectiveness test.

Results Report

Report on the Data Protection Audit

Initial Situation

Your client informs you that he is a service provider for Microsoft. He is to prove the requirements on the part of Microsoft for his suppliers with an SSPA audit.

Problem / Examples

Microsoft requires its suppliers who work with Microsoft customer data to provide separate proof of the information security of the business partner.

ITAC Service

Perform the audit according to Microsoft SSPA requirements.

Results Report

SSPA Audit Report

For management, the key is to make cybersecurity and IT security the focus of communications and to train them regularly. This is a task that we are happy to take off your hands and for which we offer a comprehensive training and education program. ready for you. Because every employee makes decisions every day that impact your information security. From the password to the responsible use of e-mails to the use of exclusively protected websites. 80 percent of a company's security incidents are caused by employees - mostly out of ignorance. Thus, the safe handling of data and technologies cannot always be assumed. be assumed. We will be happy to inform you about our training program and, if you wish, also put together a customized training course for you.

Whether customized or a training from our standardized training program. Whether on a regular or one-off basis, for the specialist or the user team - use the know-how of our data and IT security experts, to sharpen the perception for information security in your company.

At FALK, we provide our clients with targeted support in the form of professional training and coaching to meet these challenges. Technical training and coaching as well as professional consulting are closely interlinked. closely linked with each other. While the latest theoretical findings are continuously incorporated into our consulting approach, we use the practical experience gained from our projects to constantly optimize our training and coaching methods. and coaching methods.

Initial Situation

Your client informs you that he plans to carry out training measures. The aim is to increase efficiency, security awareness or compliance, for example.

Problem / Examples

Training courses should be used to teach employees about topics such as GoBD, IT security, information security and the use of SAP.
SAP for auditors and accountants
IT Audit KMU
Understand GoBD

ITAC Service

Implementation of training measures on various topics.
This can be done in-house or remotely (e.g. via MS Teams).

Results Report

Training materials

Initial Situation

The client's accounting-relevant IT or parts thereof are outsourced to cloud service providers. This means that the latter is obliged to provide evidence of compliance.
Your client is a cloud provider and wants to offer outsourcing of IT systems for customers.

Problem / Examples

Your client would like to submit a report according to BSI:C5 as proof of its service quality.

ITAC Service

Preparation of an audit report according to BSI:C5.

Results Report

Audit Report

Penetration testing protects you from cyber attacks. Every day, hackers use new methods to try to uncover security holes and vulnerabilities in IT systems and thus gain access to the important data of medium-sized companies. Just like our IT security experts. The difference is that our experts use special tools to deliberately and specifically search for vulnerabilities and security gaps in IT systems. For this we rely on specially vulnerability tests designed for this purpose, penetration tests, also called pentests. Why? To close security gaps in your IT systems and to make you, as the person responsible in the company, aware of vulnerabilities in applications, software and tools. Thanks to penetration testing, you can protect your systems more effectively. Would you like to learn more? Then please feel free to contact us.

Initial Situation

You want to strengthen yourself against external attacks and proactively have your network scanned for security vulnerabilities.
You are subject to a regular audit of your ISMS and must prove once a year that you have had your network examined by experts for intrusion gates.

Problem / Examples

You want to get ISO 27001 certified and want to make sure in advance that your network is sufficiently protected from the outside.

ITAC Service

Planning and execution of vulnerability scans, security scans or penetration tests.

Results Report

Detailed report on security vulnerabilities.

Initial Situation

Your client is a supplier of a company that has implemented an ISMS and is certified according to ISO27001. One is now required to demonstrate such certification oneself.
A company wants to enter new business areas where an information security management system is required.

Problem / Examples

The customer is required to demand certification of its suppliers due to requirements from ISO27001.
Certification of the ISMS according to ISO27001 serves internationally as proof of compliance with the information security principles.

ITAC Service

Conduct an ISO27001 readiness review with gap analysis.
Support of both implementation of an ISMS.
Implementation or support of a certification according to ISO27001.

Results Report

Readiness-Analysis
ISO Certification

Our Services

IT Audit

Journal Entry Tests

IT-Projects Audit

SOC Reports

Software Certification

GoBD

SWIFT CSP Assessment

Data Protection Consulting

Data Protection-Audits

Microsoft SSPA Audits

Trainings

IT Due Diligence

BSI:C5

Vulnerability scanning

ISMS