Regardless of whether you are a small or medium-sized enterprise - our industry experts are there for you at all times. In addition to IT-supported annual audits, our service portfolio also includes classic IT system audits and comprehensive individual consulting. We support you in your projects, take on the role of external data protection officer and help you with a wide range of topics such as IT security, IT compliance and digitalisation.
A WPG performs statutory audits in a complex IT environment.
The IT-supported internal control system is to be assessed.
Problem / Examples
Principles of proper auditing (GoA) require an audit in accordance with IDW PS 330 for audits in complex IT environments.
ITAC Service
Standardized audit designed for 10 controls in accordance with IDW PS 330.
Coordinating appointments and conducting the audit with the client.
Results Report
PowerPoint Report
Journal-Entry Tests
IDW PS 210
Initial Situation
A WPG performs statutory audits of financial statements.
In accordance with the GoA, check for any outstanding postings.
To do this, you want to run automated queries over the entire accounting material.
Problem / Examples
Principles of proper auditing (GoB) require the performance of a journal entry test during the audit.
ITAC Service
Standardized, 10-question audit of general ledger entries.
Results Report
Interactive MS Power-BI report with the possibility of own filter functions.
Classic: Word report as summary, Excel files with detailed information.
IT-Projects Audit
IDW PS 850
Initial Situation
You are an audit manager for a statutory audit of an SME or you are a tax advisor of an SME.
The client reveals in discussions that an essential IT project is pending.
Risks relevant to the annual financial statements arise in the course of the IT project.
Problem / Examples
An IT project concerns ERP implementation (e.g. SAP), implementation of a web store, ....
In order to counteract the risks, a project-accompanying audit can be useful.
ITAC Service
Testing adapted to the respective project. This can take place during or after the project.
Results Report
Report PS 850
SOC-Reports
IDW PS 951, ISAE 3402, SSAE 18
Initial Situation
The client's accounting-relevant IT or parts thereof are outsourced to service providers. Thus, the latter is obliged to provide evidence of compliance with the regulations.
You are an audit manager and your client takes over the operation of accounting-relevant systems of customers as a service. However, there is no corresponding proof.
Problem / Examples
The client's service provider cannot provide appropriate proof of proper data processing, but the client is interested in it.
Your client would like to submit a SOC report as proof of its service quality.
ITAC Service
Conduct SOC audit and prepare audit report.
If necessary, synergies can be achieved by combining different audit frameworks.
Results Report
Report PS 951
Report ISAE 3402
Report SSAE 18
Software Certification
IDW PS 880
Initial Situation
You are an audit manager and your client has created its own ERP software with which it processes accounting-relevant data. You want to be sure about the correctness of the accounting.
of the accounting.
Problem / Examples
Proof of proper operation of the software is required. E.g. for ERP systems, cash register systems, payroll accounting, financial accounting, etc.
ITAC Service
Conducting the audit according to IDW PS 880 and preparing the audit report.
Results Report
Report PS 880
GoBD
IDW PH 9.860.4
When implementing your digital finance project, the GoBD are the key benchmark for success.
Initial Situation
You are the audit manager and your client informs you that he no longer wants to keep paper documents and therefore needs to destroy them. He has not yet created any procedural
created.
Your client has implemented a DMS and is unsure if they have thought of everything. There are open questions.
Problem / Examples
When digitizing documents, controls must be implemented to comply with the requirements of the GoBD.
Especially in the case of replacement scanning and the introduction of a DMS.
Procedural documentation must be available.
ITAC Service
We examine how the status of GoBD compliance at the client is to be assessed and prepare a review report.
Support in the implementation of digitization processes and in the creation of procedural documentation.
Results Report
Report according to IDW PH 9.860.4
Procedural documentation
SWIFT CSP Assessment
Initial Situation
Based on recognized international standards, the SWIFT financial transaction network has published the Customer Security Programme (CSP), which provides a common basis for IT risk management for all companies connected to SWIFT and also covers requirements of the EU Payment Services Directives PSD2 (2015/23669). This Customer Security Programme (CSP) requires SWIFT users to assess and confirm to SWIFT the level of implementation of the security standards. All affiliates must conduct an assessment of the security measures they have in place and have the security of their infrastructure independently audited on an annual basis.
Problem / Examples
As the SWIFT Customer Security Control Framework (CSCF) is continuously being developed, changes also resulted for 2022. The evaluation and implementation of the requirements poses particular challenges for companies.
Due to a lack of expertise, it is often difficult to answer questions such as defining the type of architecture, the security zone, and deriving the scope of control.
ITAC Service
FALK ITAC-assists you in implementing the requirements of the current SWIFT CSP.Here, we accompany you in the organization and implementation of the self-certification process by conducting a preliminary assessment including a weak point analysis.
Likewise, we can perform the assessment for you and confirm compliance. For this purpose, we perform a comparison of the existing cyber security controls with the requirements of the SWIFT CSCF, assess the adequacy of the implemented controls and propose measures to improve the controls.
Our company is listed in the SWIFT directory of CSP auditors and our designated employees have the corresponding necessary certifications and participate annually in the training procedure prescribed by SWIFT.
Results Report
As a first step, we will provide you with an interim report in English with recommendations on how to meet the mandatory requirements of the SWIFT CSP. You can then implement the recommendations based on the identified vulnerabilities. We then conduct a final independent external assessment and prepare a final report in accordance with the format specified by SWIFT. Included in the report is a management summary.
Your client informs you that they do not have a data protection officer.
Your client is looking for a data protection officer.
Your client processes data for its customers in a businesslike manner.
Problem / Examples
According to the GDPR, companies are obliged to appoint a data protection officer as soon as 20 employees or more are involved in the processing of personal data.
This can be, for example, payroll data, employee data, customer master data.
ITAC Service
We assume the function of the external data protection officer.
Results Report
Annual Privacy Report
Data Protection-Audits
IDW PH 9.860.1
Initial Situation
Your client needs to prove to its business partners that it has an appropriate and effective data protection management system in place in accordance with the GDPR.
Problem / Examples
Especially for companies in the B2C sector with mass transactions, customer data must be particularly protected.
With an audit in accordance with IDW PH 9.860.1, the legal representatives fulfill their commercial duty of care.
ITAC Service
Performance of a data protection audit in accordance with IDW PH 9.860.1.
Appropriateness test or effectiveness test.
Results Report
Report on the Data Protection Audit
Microsoft SSPA Audits
Initial Situation
Your client informs you that he is a service provider for Microsoft. He is to prove the requirements on the part of Microsoft for his suppliers with an SSPA audit.
Problem / Examples
Microsoft requires its suppliers who work with Microsoft customer data to provide separate proof of the information security of the business partner.
ITAC Service
Perform the audit according to Microsoft SSPA requirements.
Results Report
SSPA Audit Report
Trainings
z.B. SAP, GoBD, IT/IKS
For management, the key is to make cybersecurity and IT security the focus of communications and to train them regularly. This is a task that we are happy to take off your hands and for which we offer a comprehensive training and education program.
ready for you. Because every employee makes decisions every day that impact your information security. From the password to the responsible use of e-mails to the use of exclusively
protected websites. 80 percent of a company's security incidents are caused by employees - mostly out of ignorance. Thus, the safe handling of data and technologies cannot always be assumed.
be assumed. We will be happy to inform you about our training program and, if you wish, also put together a customized training course for you.
Whether customized or a training from our standardized training program. Whether on a regular or one-off basis, for the specialist or the user team - use the know-how of our data and IT security experts,
to sharpen the perception for information security in your company.
At FALK, we provide our clients with targeted support in the form of professional training and coaching to meet these challenges. Technical training and coaching as well as professional consulting are closely interlinked.
closely linked with each other. While the latest theoretical findings are continuously incorporated into our consulting approach, we use the practical experience gained from our projects to constantly optimize our training and coaching methods.
and coaching methods.
Initial Situation
Your client informs you that he plans to carry out training measures. The aim is to increase efficiency, security awareness or compliance, for example.
Problem / Examples
Training courses should be used to teach employees about topics such as GoBD, IT security, information security and the use of SAP.
SAP for auditors and accountants
IT Audit KMU
Understand GoBD
ITAC Service
Implementation of training measures on various topics.
This can be done in-house or remotely (e.g. via MS Teams).
In the context of a transaction initiation, a due diligence is to be carried out.
You will be tasked with performing a Financial DD and Tax DD.
They recognize that the target's business model is very IT-heavy and recommend an IT DD.
Problem / Examples
You or your client needs to identify IT risks (and opportunities, synergies) as part of the transaction.
You need a specialist who can perform an IT DD.
ITAC Service
Implementation of an IT-DD.
Report includes IT risks and possible synergies.
Impacts of migrations and IT costs associated with the deal become transparent.
Results Report
IT DD Report
BSI:C5
IDW PH 9.860.3
Initial Situation
The client's accounting-relevant IT or parts thereof are outsourced to cloud service providers. This means that the latter is obliged to provide evidence of compliance.
Your client is a cloud provider and wants to offer outsourcing of IT systems for customers.
Problem / Examples
Your client would like to submit a report according to BSI:C5 as proof of its service quality.
ITAC Service
Preparation of an audit report according to BSI:C5.
Results Report
Audit Report
Vulnerability Scanning
Penetration testing protects you from cyber attacks. Every day, hackers use new methods to try to uncover security holes and vulnerabilities in IT systems and thus gain access to the important data of medium-sized companies. Just like our
IT security experts. The difference is that our experts use special tools to deliberately and specifically search for vulnerabilities and security gaps in IT systems. For this we rely on specially
vulnerability tests designed for this purpose, penetration tests, also called pentests. Why? To close security gaps in your IT systems and to make you, as the person responsible in the company, aware of vulnerabilities in applications,
software and tools. Thanks to penetration testing, you can protect your systems more effectively. Would you like to learn more? Then please feel free to contact us.
Initial Situation
You want to strengthen yourself against external attacks and proactively have your network scanned for security vulnerabilities.
You are subject to a regular audit of your ISMS and must prove once a year that you have had your network examined by experts for intrusion gates.
Problem / Examples
You want to get ISO 27001 certified and want to make sure in advance that your network is sufficiently protected from the outside.
ITAC Service
Planning and execution of vulnerability scans, security scans or penetration tests.
Results Report
Detailed report on security vulnerabilities.
ISMS - Information Security ISO27001
Initial Situation
Your client is a supplier of a company that has implemented an ISMS and is certified according to ISO27001. One is now required to demonstrate such certification oneself.
A company wants to enter new business areas where an information security management system is required.
Problem / Examples
The customer is required to demand certification of its suppliers due to requirements from ISO27001.
Certification of the ISMS according to ISO27001 serves internationally as proof of compliance with the information security principles.
ITAC Service
Conduct an ISO27001 readiness review with gap analysis.
Support of both implementation of an ISMS.
Implementation or support of a certification according to ISO27001.
Results Report
Readiness-Analysis
ISO Certification
This website uses only technically essential cookies that are necessary to operate the site. You can find more information in our Data Protection Declaration
