Through our IT audit services, we offer a comprehensive overview of the security and reliability of the company’s IT systems and ensure their alignment with relevant legal and international standards.
Our experts are available to support you with the following services:
We perform a general or focused IT audit based on standard procedures, guidelines, and methodologies (such as COBIT, ISO 27001). This includes reviewing IT security management, regulation, and overall IT environment controls. Our services help identify and assess information security risks, while establishing a control environment that meets both national laws and international standards.
It is increasingly common for companies to outsource business, system operations, and data processing functions. The ISAE 3402 and SSAE 16 audit standards evaluate the IT controls implemented by service providers (organizations performing outsourced activities) and their operational effectiveness. While SSAE 16 is applicable in the United States, ISAE 3402 applies in other countries, replacing the previous SAS 70 standard.
In a security audit, we review business systems’ security settings, identify risks and control deficiencies that could compromise data security, and, when necessary, suggest appropriate protective measures. The functionality audit examines whether IT systems operate according to the required business logic, identifying areas that fail to meet efficiency and business requirements.
We identify issues arising from complex permission structures and settings within business systems, particularly role incompatibilities that could enable fraudulent activities, potentially causing significant financial losses. Modern ERP systems' intricate permission structures cannot be analyzed through simple methods, which is why we use specialized analytical tools for our assessments. We possess particular expertise and toolsets in SAP authorization analysis.
Interfaces between systems carry numerous risks, including data loss, alteration, or duplication, which could significantly affect other systems’ operations, even influencing the company’s general ledger results. Our audits identify potential malfunctions and security gaps in system interfaces, and we provide recommendations for necessary improvements.
Before system implementation, our services help plan and execute tasks related to selecting the most suitable system and supplier for your company’s needs. We ensure that all necessary controls are adequately established and effectively operated. After the system is implemented, we review data migration compliance and ensure the live system operates in line with its defined functionality, covering specifications and actual business requirements.
Did you know that responding to a cyberattack and restoring data can cost hundreds of millions of forints? Furthermore, due to the recently adopted European data protection regulation, data privacy fines are expected to rise dramatically. Is your company adequately prepared to manage cybersecurity risks?
We evaluate whether your company meets the requirements set out in various international standards (e.g., ISO 27001, ISO 20000, ISO 22301, ISAE 3402, PCI DSS). Based on our findings, we also offer support in preparing for certification or renewal audits, enabling your company to build trust with stakeholders and gain a competitive edge over your rivals.
Employees’ susceptibility to deception is one of the most significant non-technical information security risks faced by organizations. We simulate real social engineering attacks using pre-agreed methodologies and rules and, based on the results, develop an action plan to prevent similar incidents. Our audits can be coupled with training sessions to give employees a clearer understanding of potential attack techniques and the security protocols they must follow.