The Information Technology Audit and Assurance unit of Nexia SAB&T provides services that address organisations exposure to new and emerging risks stemming from changes in the environment in which businesses operates as they become more dependent on technology to support business processes.
As IT environments within organisations become more complex and critical for normal business operations some of the IT risk exposures that Nexia SAB&T is able to assess for their clients include:
- Full dependence or reliance on services provided by application system vendors
- Inadequate level of information security for the environment, which could lead to system vulnerabilities
- Inadequate level of user management within the IT applications which could lead to data leakage, loss or manipulation
- Limitation of normal operations due to unreliable systems availability
IT Audit and Assurance
Nexia SAB&T provides IT audits of organisations’ IT environments either independently or in cooperation with the organisations’ external or internal audit functions that examine the IT environment, the internal processes followed within the IT environment, assess the design of internal controls, conclude on the adequacy and effectiveness of controls, and provide suggestions for addressing those risks that are not being managed appropriately.
Some of the IT Audit and Assurance services Nexia SAB&T offer include:
- Application control reviews
- Assessment of server configuration
- Conversion reviews
- General control reviews
- IT governance reviews
- Network vulnerability assessments
- Project pre, post and implementation reviews
- Software license management reviews
- System development life cycle reviews
- User access reviews
IT Advisory Services
Nexia SAB&T also provide IT advisory services to address the issues related to both risk and performance improvement by providing assistance to management in the development and implementation of:
- IT governance frameworks
- IT policies, procedures and processes
- IT programme and project management
- IT risk frameworks & registers
- IT strategies
- Responses to IT audit queries to ensure IT compliance
The data analytics service Nexia SAB&T provide comprises processes and activities designed to obtain and evaluate data to extract useful information. These results may be used to identify areas of key risk, fraud, errors or misuse; improve business efficiencies; verify process effectiveness; and influence business decisions. Nexia SAB&T offer data analytics services in response to ad-hoc requests, or the implementation of continuous auditing processes.
Computer Assisted Audit Techniques (CAATs)
Businesses may process thousands or even many millions of transactions every year. To properly test that controls are operating effectively and consistently is virtually impossible using traditional audit methods. CAATs allow auditors to determine whether a control has operated effectively for every transaction as easily as testing a single one using traditional methods.
Continuous auditing is an automated method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyse patterns within the digits of key numeric fields, review trends, and test controls, among other activities. Not only does it enable the integrity of information to be evaluated at any given point in time, it also means that the information is able to be verified constantly for errors, fraud, and inefficiencies. The activity is continuous in that it allows for testing throughout the year as opposed to an end of year snapshot.