IT Audit, IT Assurance & AI
Our philosophy
In a digitally shaped corporate world, IT governance, information security, and compliance are more than technical obligations – they are guiding principles of responsible and sustainable corporate management. We support organizations in effectively implementing legal and regulatory requirements – and clearly communicating their compliance. Whether internal control systems, risk management, IT security standards, or industry-specific regulations: We support our clients in not only understanding these requirements, but also integrating them into processes and systems.
Trust is the foundation for credible communication with stakeholders. Our philosophy combines technical expertise with regulatory understanding and entrepreneurial relevance. We work across disciplines, use modern tools, and continuously develop our methods – risk-oriented, practical, and individually tailored. Reliability arises where control, clarity, and communication intertwine. That is what we stand for – as auditors, consultants, and strategic trusted partners.
Our services
IT Audit according to ISA 315
Digitalization fundamentally changes business processes – and with them, the requirements for financial statement audits. The revised auditing standard ISA [DE] 315 (“Identifying and Assessing the Risks of Material Misstatement”) of the Institute of Public Auditors in Germany (IDW) brings IT more clearly into the focus of risk assessment. Our IT audit experts support you in implementing the requirements efficiently and in full compliance.
Your Benefits
- Increased audit security through sound IT risk analysis
- Efficient audit planning and execution
- Transparent communication with our clients and supervisory bodies
- Strengthening trust in the financial statement audit
Migration Audits according to IDW PS 850 & IDW PS 860
The migration of data and systems is a critical moment in the IT lifecycle – whether it’s the introduction of new ERP systems, the transition to cloud-based solutions, or within the scope of carve-outs and post-merger integrations. Faulty or incomplete data transfers jeopardize the regularity of accounting and the integrity of business processes.
Our audits create trust in the regularity of your systems and data and minimize risks of non-compliance with regulatory requirements during tax audits or annual financial statements.
Our Services at a Glance
- Planning and support for migration projects: Early involvement to identify audit-relevant risks and requirements.
- Audit of data migration: Traceable and complete audit of data transfer – from extraction to transformation to loading.
- Audit of the new IT system: Evaluation of the regularity and functionality of the target systems, especially with regard to GoBD and GoB compliance.
- Interface and process audit: Analysis of the technical and functional integrity of connected systems and processes.
- Documentation & Audit Report: Creation of an audit report as proof for internal and external stakeholders (e.g., auditors, tax authorities).
ISAE 3402 and IDW PS 951
The outsourcing of IT services and the use of cloud solutions offer companies flexibility and scalability – but also bring new risks and regulatory requirements. With our audits according to IDW PS 951, ISAE 3402, and the BSI C5 standard, you create transparency and trust with customers, business partners, and supervisory authorities.
As a professional services firm with strong IT expertise, we offer sound audit services for complex outsourcing and cloud scenarios. Our interdisciplinary teams of auditors and IT experts ensure a risk-oriented, practical, and regulatorily robust audit – nationally and internationally.
Our Services at a Glance
- Audit of outsourced IT processes (IDW PS 951): Evaluation of internal control systems (ICS) of IT service providers with regard to regularity, security, and compliance.
- Assurance according to ISAE 3402 (Type I & II): International auditing standards for assessing controls at service organizations – ideal for globally operating companies.
- C5 Attestation according to BSI Standard: Audit of cloud services based on the German security standard “Cloud Computing Compliance Controls Catalogue” (C5).
- Support for outsourcing projects: Consulting and auditing in the context of outsourcing according to BAIT, MaRisk, or DORA.
- Creation of audit-proof reports: Documentation of results in IDW and ISAE-compliant assurance reports for clients, auditors, and regulators.
BSI C5 Audit according to ISAE 3000
Cloud services are a central component of modern IT strategies – at the same time, the demands for security, transparency, and regulatory traceability are growing. The audit according to the BSI C5 standard and the international auditing standard ISAE 3000 offers a recognized basis for objectively and traceably evaluating the effectiveness of security measures of cloud service providers.
As a professional services firm with high IT expertise, we offer a structured, risk-oriented, and regulatorily robust audit that meets the requirements of customers, authorities, and internal stakeholders.
Our Services
- Execution of the audit according to ISAE 3000: Independent audit of the implementation of C5 controls based on an internationally recognized assurance standard.
- Type I and Type II audits: Evaluation of the design (Type I) and the effectiveness over a period (Type II) of the implemented security measures.
- Creation of a C5-compliant audit report: Documentation of audit results for submission to customers, business partners, and regulators.
- Gap Analysis & Preparation: Support in identifying and closing gaps in the existing control system.
- Combination with other standards: Integration of the audit with IDW PS 951, ISAE 3402, or ISO/IEC 27001 for a holistic representation of your IT security and compliance.
DORA Audit & Consulting
With the entry into force of the EU regulation DORA (Digital Operational Resilience Act) on January 17, 2025, financial companies and their IT service providers face new challenges: They must demonstrably ensure the digital resilience of their systems – and clearly document this. The new auditing standard IDW PS 528 creates a clear, risk-oriented framework. Our audit and consulting approaches are scalable, practical, and follow the proportionality principle – for large institutions as well as for smaller entities.
Our Services for DORA Compliance:
- Audit according to IDW PS 528: Execution of the supervisory DORA audit within the scope of the financial statement audit – including evaluation of ICT risks, resilience tests, incident management, and third-party management.
- DORA Gap Analysis: Identification of gaps in your IT and security architecture and derivation of concrete measures for closing them.
- Consulting on DORA implementation: Development of an individual DORA strategy, support in implementing control mechanisms and documentation obligations.
- ICT Risk Management & Governance: Establishment and optimization of structures for continuous monitoring and control of digital risks.
- Preparation for Audits & Reporting: Support in creating audit-proof evidence and reports – including system-generated evidence and management dashboards.
GoBD Compliance
The GoBD (Principles for the proper management and retention of books, records, and documents in electronic form, as well as for data access) set clear requirements for digital accounting and the IT-supported processing of tax-relevant data. Companies that do not meet these requirements risk tax disadvantages and legal uncertainties.
As a professional services firm with sound IT expertise, we know both the tax requirements and the technical challenges. We support you in making your processes legally compliant, efficient, and future-proof – and build trust with tax authorities, business partners, and internal stakeholders.
Our Services for your GoBD Compliance
- GoBD Readiness Check: Analysis of your existing processes, systems, and documentation with regard to GoBD compliance.
- Audit of digital processes: Evaluation of the regularity of your electronic accounting, document filing, and archiving.
- Process Documentation: Support in creating or updating GoBD-compliant process documentation.
- Data Access Audit (Z1–Z3): Preparation for tax audits and ensuring proper data access.
- Consulting on system changes: Support during the introduction or migration of ERP, accounting, or archiving systems from a GoBD perspective.
IT Due Diligence
In M&A processes, a company’s IT infrastructure is a decisive success factor – and at the same time a potential risk. Our IT due diligence creates clarity about the performance, security, and future viability of the target company’s IT systems and processes. We support investors, buyers, and sellers in making informed decisions and identifying risks early. With our IT due diligence, you receive an objective, structured, and risk-oriented evaluation of IT – as a basis for purchase price negotiations, contract drafting, and strategic decisions. Our interdisciplinary teams combine technical expertise with business understanding.
Our Services in the Context of IT due diligence:
- Analysis of the IT Landscape: Evaluation of existing IT systems, infrastructure, applications, and interfaces.
- IT Costs and Investments: Audit of IT budgets, ongoing costs, and future investment needs.
- IT Organization & Governance: Assessment of organizational structure and processes, responsibilities, and control mechanisms.
- IT Security & Compliance: Identification of risks related to information security, data protection (e.g., GDPR), and regulatory requirements.
- Technological Risks & Scalability: Assessment of the future viability and integration capability of IT with regard to planned growth strategies or post-merger integration.
E-Invoicing & Audit-Proof Archiving
The introduction of mandatory e-invoicing and the increasing digitalization of business processes present companies with new challenges. In addition to technical implementation, tax and legal requirements must be observed – such as compliance with GoBD and the audit-proof archiving of electronic documents.
As a professional services firm with IT and tax expertise, we support you in the legally compliant implementation of your digital invoicing and archiving processes. Our audit and consulting services build trust – with tax authorities, business partners, and internal stakeholders, paving the way for sustainable growth.
Our Services at a Glance
- Consulting on the introduction of e-invoicing: Support in selecting suitable formats (e.g., XRechnung, ZUGFeRD) and in integrating them into existing ERP and accounting systems.
- Audit of GoBD compliance: Evaluation of processes related to the creation, processing, and archiving of e-invoices with regard to tax regularity.
- Audit-proof archiving: Analysis and audit of your archiving systems for compliance with legal requirements – including traceability, immutability, and access protection.
- Process Documentation: Creation or audit of audit-proof process documentation for electronic invoicing and archiving processes.
- Support for tax audits: Assistance in the preparation and execution of tax audits with a focus on digital invoicing and archiving systems.
Auditing of Digital Business Models
Digital business models are fundamentally changing industries, processes and customer relationships. Whether platform economy, software-as-a-service (SaaS), data-driven services or digital payment processes – with increasing digitization, the demands on transparency, regularity and regulatory compliance are also increasing.
As a professional services firm with IT and digital expertise, we audit digital business models holistically – economically, technically and from a regulatory perspective.
Our services at a glance
- Analysis of the digital business model: Evaluation of value creation, scalability, data flows and technological infrastructure.
- Audit of regularity: Ensuring compliance with commercial and tax law requirements.
- Evaluation of platforms and SaaS models: Examination of billing logics, usage data, license models and interfaces.
- IT system audit & data integrity: Analysis of the systems and processes used with regard to security, traceability and reliability.
- Process documentation & reporting: Support in the creation of audit-proof documentation and reports for stakeholders and supervisory authorities.
IT Forensics & Embezzlement Audits
In an increasingly digitized corporate world, white-collar crimes such as embezzlement, fraud or manipulation leave digital traces. With modern IT forensic methods and data-based audit approaches, we assist in the detection, analysis and evaluation of suspicious activities in a structured, discreet and legally compliant manner.
Our services at a glance
- Embezzlement and special audits: Conducting targeted audits in suspected cases – including document analysis, transaction audits and conducting interviews.
- Use of modern data analyses: Use of AI-supported methods, pattern recognition and anomaly detection to identify suspicious bookings or patterns of behavior.
- Prevention & early warning systems: Support in the development of control mechanisms and monitoring solutions for the early detection of risks.
- Documentation & court-proof reports: Creation of audit-proof and legally sound reports for use in internal proceedings or vis-à-vis investigating authorities.
Audit of AI Systems according to IDW PS 861
Artificial intelligence (AI) has long been part of modern business processes – from automated decision-making models to image and speech recognition to data-driven forecasts. With the use of AI, the requirements for reliability, traceability and security are increasing. The audit standard IDW PS 861 offers, for the first time, a structured framework for auditing AI systems outside of the financial statement audit – for transparent and secure processes.
Our services for auditing AI systems
- Audit according to IDW PS 861: Implementation of appropriateness and effectiveness audits based on the international standard ISAE 3000 – including assessment of AI governance, data quality, algorithms and IT infrastructure.
- Evaluation of ethical and legal requirements: Ensuring compliance with principles such as fairness, non-discrimination, human autonomy and regulatory requirements.
- Traceability & transparency: Examination of whether decisions and results of the AI system are understandable and documented for knowledgeable third parties.
- IT security & performance: Analysis of the protection mechanisms against manipulation, system failures and unauthorized access as well as evaluation of the technical efficiency and reliability.
- Advice on AI compliance: Support in the implementation of guidelines, monitoring systems and documentation processes for the sustainable governance of AI applications.
Software Certification according to IDW PS 880
The quality and regularity of software is a decisive factor for the security and efficiency of operational processes. With software certification according to the audit standard IDW PS 880, you create trust among customers, business partners and supervisory authorities – and document compliance with legal and regulatory requirements.
Certification according to IDW PS 880 shows that your software is not only functional, but also legally and technically sound. As experienced auditors with IT expertise, we accompany you through the entire audit process – independently, systematically, and with practical relevance.
Our services in the context of software certification
- Audit of regularity: Assessment of whether the software complies with the principles of proper accounting (GoB) – especially for ERP, accounting or archiving systems.
- Analysis of the development and testing processes: Examination of software development, quality assurance and documentation.
- Evaluation of IT security and data integrity: Investigation of access controls, logging, archiving and protection mechanisms.
- Preparation of an audit report: Documentation of the results in an IDW-compliant audit report – as proof for customers, auditors or authorities.
- Support during certification: Support in the preparation and optimization of your software solution with a view to successful certification.
Reporting Trends & Solutions
Your update from auditing: Relevant insights on audit, reporting, ESG, GRC, deals, digital transformation, cybersecurity & Co. – compact, solution-oriented and from a single source.