Our team possesses a wide range of skill sets around IT infrastructure, ERP’s, custom developed applications, service organisation controls and evolving digital technologies along with industry and sector specific capabilities. We offer a broad range of services, including:

IT Controls Assurance

IT controls evaluation conducted as a part of the organisations internal controls programs is key to identifying and ensuring clients response to risks arising from information technology and the digital ecosystem in which they operate.

Deloitte can support clients in IT risk assessments and in performing design and operating effectiveness reviews for IT General Controls and automated controls across various ERPs and custom-built applications. Depending on client specific requirements this also includes data migration reviews, interface controls reviews, access and functional segregation assurance.

IT Controls Advisory

An organisations controllership, information technology and security functions need to be risk intelligent in order address risks arising out the technological changes.

Deloitte’s team of IT risk specialists support clients in improving IT processes and controls, to effectively identify, understand and implement relevant internal controls methodology and processes.

• Define – Identify relevant risks and build IT controls framework to meet internal and external compliance requirements, on account of process changes, ERP and application changes or enhancements, and BOT implementation.

• Optimise – Determine feasibility of IT controls standardisation, controls rationalisation, better use/leveraging automated controls through full use of standard system functionality, recommend effective remediation measures basis industry and sector expertise for gaps identified.

• Embed – Developing and delivering training programs on IT risks and controls, IT policy procedure buildout, controls remediation support, SME support to meet specific industry or technology/tool requirements

Third-Party Assurance (TPA)

Outsourcing operations does not transfer the risk associated with that process. The organisation that is outsourcing (user entity) continues to remain responsible for governance, risk management and compliance for the processes / operations now managed by their service provider. Regulators and industry bodies are focused on addressing the risks arising out these changes. In this context, service providers (service organisations) build trust and confidence in the services performed and the associated controls through system and organization controls (SOC) reports.