• Information Technology Audit

    Evaluate controls related to information technology

IT Assurance & Advisory

BDO can assist boards and senior executives to better understand and manage their current Information Technology risks by providing independent and objective IT control assessments and designing tailor-made recommendations to align IT controls with industry standards, regulatory requirements and best practices.


IT Audit – we evaluate the design and effectiveness of IT general computer controls related to business software and the IT technical environment, as well as the maturity of the various IT processes.

IT Internal Audit – we provide IT internal audit services to clients who may not have the specialist resource internally.

Attestation and assurance reports – we conduct attestation audits based on the international assurance standards (ISAE 3402 / SSAE 16) that describe the Service Organisation Control (SOC 1). Our third-party assurance services also include ISAE 3000, SOC 2 and SOC 3 reporting.

Independent review of IS implementations – we evaluate the design and effectiveness of test plans and data conversions performed as part of a major upgrade or software transformation.

Data Analytics – we analyse data in order to identify areas of key risk, fraud, errors or misuse, verify process effectiveness and identify areas for improving business efficiency.


Information Security Management – we help organisations identify risks and assess the controls they have in place to safeguard and secure information. Our range of services includes:

IT Security Risk Assessments – we assess the company’s existing controls as per ISO/IEC 27001:2022 standards, identify areas where security programs need to improve, enable the development of a road map for the ISMS implementation, and define mitigating activities and recommendations.

Penetration Tests and Vulnerability Assessments – we provide both “external” and “internal” penetration tests and vulnerability assessments to help companies assess their vulnerability to attacks originating from outside and within their private network. Our testing covers threats to both network and web infrastructure.

Information security policy and procedures – we assist in implementing an Information Security framework as per known standards and relevant regulations (define policies and underlying procedures, evaluate level of monitoring, organise security awareness, …).

Identity & access management (IAM) – we assist in assessing and designing IAM strategy, processes and relevant solutions.

Business Continuity Management – we provide a range of services from assisting in the assessment of the suitability of plans to the development of plans from scratch.

Regulatory assistance – we assist in identifying all existing regulatory requirements applicable to the organisation which could have an impact on its IT environment, and we help to define solutions to address identified compliance gaps.