
IT internal audit

Strategic plan using a risk-based approach

The ever-increasing complexity of information and communication technology (ICT) and security risks presents new challenges for an organisation’s internal controls function, including Internal Audit (IA).


Recent regulatory developments in the financial sector such as the CSSF Circular 20/750 implementing EBA Guidelines on ICT Security and Risk Management emphasize the importance of the internal audit function to provide independent assurance on the control environment effectiveness to the management body.

In this context, effective information technology internal auditing requires thorough planning coupled with nimble responsiveness to quickly changing risks. Following a risk-based approach, an organisation’s IA plays a critical role in helping review and provide independent assurance that ICT and security-related activities are compliant with the organisation’s policies, procedures, and external requirements.

Supervisory authorities (in Luxembourg and Europe) monitor closely how organisations cover their ICT risks when defining their multiannual internal audit plan using a risk-based approach.

Learn more about how Deloitte can help you (attached flyer) and do not hesitate to contact one of our experts.