IT Audit Support

Effective and efficient controls in IT systems are critical to the accuracy, integrity and availability of information and systems.

In the context of IT audits, appropriate audit procedures ensure that general IT controls as well as application-related controls are in place and effective.

IT audits are not the same as balance-sheet audits, but the results of IT audits do however influence the audit of a company?s financial reporting in two ways:

  • Efficiency (allows an audit based on controls instead of on substantive audit procedures)
  • Effectiveness (substantive test ranges may be insufficient to make a reliable statement).

Our Services

COREVA assists companies and organizations in IT audit with the objective of controlling risks. The basis of this is the identification of risks and the design of controls to reduce the risk.

Unsere Tätigkeit in IT-Revisionen ist darauf ausgerichtet, Kontrollen zu identifizieren und zu gestalten. Our audit services are adapted to the scope of your requirements and the size of your organization. We perform reviews at different depths and to different levels of detail in both financial and operational processes and systems.

A general review gives assurance about the adequacy of key controls in core processes. The resulting evidence gives pointers for practical improvements to the control system. We also identify areas of high risk, in which should be examined in more detail.

Detailed inspections are usually performed for specific areas of high risk or unknown conditions. Als Ergebnis erhalten Sie Hinweise für konkrete Verbesserungen des Kontrollsystems. The findings will provide you with practical suggestions for measures that can swiftly improve control mechanisms.

An in-depth analysis of large and high-risk projects can give confidence that nothing important has been overlooked. Experience shows that it is more complicated and expensive to improve the control systems after project implementation than to take them into consideration during design and implementation. Our approach is based on getting a clear understanding of your processes and of planned and current systems and then to determine whether they meet the specified business objectives.


The starting point of any IT audit is an analysis of risks and processes. These are based, amongst other things, on the Key Performance Indicators used by management. Our approach has three stages:

Strategic analysis - Developing an understanding of the background to the processes and systems to be audited.

Process analysis - identification and assessment of business and IT risks for the process, associated compensating controls and the resulting residual risk.

The process analysis includes five steps:

  • Identification of potential risks
  • Identification of controls
  • Assessment of business risk
  • Determination of residual risk
  • Documentation

Testing of controls - depending on how much reliance will be placed on the evidence, we either ?walk-through? the process from beginning to end or perform detailed testing of controls.


Our approach, which is also tailored to your specific requirements, is documented using risk matrices and flow charts. These are easily understood and simple-to-use and require no specialist knowledge from users within your organization.

The key elements of business processes are illustrated in flow diagrams. They document the use of core systems and critical information flows.

Risk matrices present threats that could complicate or prevent the achievement of business objectives for each major process and against this, list the mitigating controls. Both automated and manual controls are taken into account, so that any missing, inefficient or duplicate controls can be easily identified. The residual risk for each process is then derived. Where required we can also identify effective proposals to reduce the risk.

Scope of Services

We can provide support during a single audit, with specialist knowledge about a particular system for example, or can partner you through an entire IT audit cycle from the planning stage right through to implementation, reporting and monitoring the implementation of recommended measures.

The Advantages

In addition to the opportunity to access to specialist knowledge and experience, our approach offers the following advantages:

  • Our approach is risk-oriented and therefore efficient.
  • The documentation which uses risk-matrices and flow-charts is easy to read and understand.
  • You can be confident that the controls over your processes effectively address the associated risks.
  • The effects of processing errors can be reduced.
  • The probability of fraud and error is reduced.
  • You can be confidence that your business processes are operating efficiently, effectively and reliably.
  • Konkrete Empfehlungen, wie Ihr Kontrollsystem wie auch das Funktionieren einzelner verbessert werden kann.
  • You will receive documentation about key business processes and controls in place over them.

[Translate to English:] Dokumentation

Download the most important facts about our IT Audit Support services here.