Grant Thornton's internal audit team also includes experienced IT auditors who deliver IT internal audit assignments.

As part of the overall internal audit plan or through special ad hoc IT audits, our team covers various topics including IT governance, IT regulatory requirements, cybersecurity, application controls, IT project management, information technology general controls, cloud, and IT outsourcing.

Information is a strategic resource, and technology evolves along with its underlying risks, including governance, security, outsourcing agreements, information sustainability, confidentiality, availability and integrity. Managing these risks is becoming more and more challenging. Organisations are facing the need for transparent and credible accountability. All stakeholders, including investors, regulators, and clients, are watching and expect transparency and a strong IT risk management practice.

In this context, Grant Thornton's information technology audit team will provide IT audit services as part of your internal audit or as part of any specific IT audit that is required (ad hoc, assurance reports, external audits). With Grant Thornton's information technology risk and audit services, the design and effectiveness of your IT controls can be continuously improved.

In line with best practices, requirements and guidelines (ISO27K, NIST, NISD, CSSF, COBIT, ITIL, etc.), the IT audit team covers various topics including IT governance, regulatory requirements, cybersecurity, application controls, business continuity (BCP, DRP), IT project management, information technology general controls, cloud, and IT outsourcing.

Discover our range of services:

1. Governance, Risk Management and Regulatory Services

We will help you to identify and implement the right corporate governance and IT internal control frameworks, and help the organisation to reduce the highest risks to an acceptable level. Moreover, we will help you to establish appropriate IT risk monitoring practices to ensure operational effectiveness in the achievement of corporate objectives.

2. Special Attestation Services

We are able to provide independent, objective assurance on the design, implementation and operating effectiveness of controls at service organisations (ISAE3402).

3. Compliance audits (CSSF, EBA, DORA)

In an environment where the requirements from regulators are increasing, we will help you evaluate your internal controls framework against regulatory and specific guidelines, including CSSF circulars (e.g. 20/750, 21/769, 22/806) and EBA guidelines (EBA/GL/2019/02, EBA/GL/2019/04).

4. Cybersecurity audits

We will help you to evaluate your cybersecurity posture (infrastructure and network design, event and monitoring management, disaster recovery, business continuity, access and identity management (including segregation of duties), and data management) against best practices and guidelines (NIST, NISD, FFIEC, ISO27K).

5. Application controls

We will help you evaluate application controls by ensuring that defined configurations (thresholds, approval cycles) are in place. Additionally, the audit of data flows between several systems will help you to ensure that the integrity of transported data is respected and that measures are in place to mitigate the risks of errors and fraud.

6. Information Technology General Controls review

We will help you to evaluate the controls in place, ensuring that the following elements are covered:

  • Information technology and governance – IT strategy, IT governance structure, IT policies and procedures in place
  • IT risk management – review of the process in place to manage and mitigate IT risks
  • IT operations (incident management, backups, batch processing)
  • System development life cycle (change management and project management practice in place)
  • IT outsourcing management audit

7. Information Technology – Special scope audit review

  • We help you review the measures in place to ensure that data migration and system (ERP) implementation are performed with respect to data integrity.
  • We will examine your project management practice by ensuring the appropriate execution of a project, in line with business requirements and with the project management lifecycle.
  • We will help you perform a gap assessment that compares your security status against the SWIFT Customer Security Program requirements.

Vincent Garnier
Partner, Audit & Assurance