In 21st century business success is closely related to information technology

and ability to manage the IT associated risks and uses it to drive their stakeholder value.

Our BRS team can help you evaluate your IT (Information Technology) governance, analyze IT applications and infrastructure, strengthen security and assess the business risks and controls related to the use of IT. IT is often one of the most important vulnerable assets a business has, which is why it is critical to ensure that you maximize your technology investment and use IT effectively to help you drive your business strategy.

Grant Thornton has a proven, internationally-used methodology for IT audit and risk engagements, which involves review and assessment, recommendations for improvement, and ongoing re-evaluation and continuous improvement. This allows us to provide a consistent, standardized, best practice IT assurance service, whilst retaining the flexibility to adapt to your specific circumstances and requirements.

Our IT audit approach is a risk-based methodology. Our detailed work programmes are based on COBIT and the IIA’s Global Technology Audit Guides, and include tested and proven good practice in IT governance, so that control improvement opportunities can be identified. We can tailor our IT work programmes to suit the scope of a clients’ engagement. Typically an IT internal audit or IT risk management engagement will include some or all of the following: user access, system interfaces, data integrity, change management, information security and business continuity planning.

Grant Thornton offers clients an extensive suite of IT Governance and advisory services in the following areas:

• Assurance of IT-systems and processes
• Audit of IT general and application controls
• Audit of special payment and billing systems
• Software Selection
• IT Risk management
• IT Strategy
• IT due diligence
• Technology Advisory
• IT Security Audit
• IT Governance Audit
• Audit of Data Center

• assurance to the Board, Audit Committee and other interested parties that IT risks are being effectively mitigated
• greater awareness of IT risks within the organization
• a clearer view of the performance of IT controls, to enable you to monitor their effectiveness
• the information needed to determine return on investment in IT security and control
• compliance with relevant legislation and regulatory frameworks, such ISO 27001:2005, ISO 9001:2008 and etc.
• the ability to satisfy management, customers and external auditors that information security and systems are appropriately managed and controlled