The possession of a certification applies increasingly as a condition for doing business in general or the exchange of information in particular. We are qualified to support the most common certification paths.
Author: fkossen
Audit courses
Training is a job on itself. Auditing is also a special subject. We have both qualities and can therefore make a perfect relationship between theory and practice.
We provide courses for internal and external auditors, but also for managers as contact with the auditors. We facilitate both courses for which students may register individually, as customized training.
FUNDAMENTALS COURSE IT AUDIT
For individual students, we organize several times a year a training IT audit fundamentals. During this training the students learn the essentials of IT Audit and operation of the various components of IT Governance. After participating in the training the student can independently perform a simple IT Audit and knows when an EDP Audit must be deployed. The topics are supported by practical case studies for immediate implementation in your organization. After the training you receive one case, up to the theoretical base that you have built up during the training to fit into your practice. This case is used as a base for 3th day session. The cusus consists of 2 or 3 days (during the 3rd day the case is discussed and a number of subjects submitted by the students are further discussed).
Download our general education brochure IT audit fundamentals.
CUSTOM TRAINING
Because every company is different Duijnborgh Audit offers customized courses. These courses are specifically designed for your company as a maximum return from the training target. For example, the specific use of administrative organization, internal control procedures and businesses are included in the development of training and education. By applying a customized training, the students will better recognize everyday practice. This increases the effectiveness because the participant subjects from the training directly can apply the knowledge in daily practice. Our customized courses, can be provided both in-company and at an outdoor location. The customized courses are always developed and defined in consultation with the client. This allows clients to ad important to the curriculum.
For more information please contact us for an appointment.
Software package selection
Package selection is not an end in itself. Package selection is often part of a change or improvement. Our approach consists of a package selection for research, compiling a long list and a short guide us to the choice of the package. Our advice is completely independent because we in no way bound to suppliers.
Assisting the financial auditor
More and more financial auditors are confronted with IT related issues. Sarbanes Oxlex, SAS70 and IT governance; it is difficult to envisage the audit of the financial statement without looking at IT, too. Not all audit firms can dispose of a dedicated IT audit function. Furthermore, the financial auditor often lacks the specific knowledge on IT environments. To these audit firms we provide our (IT audit) services whilst maintaining a strict division of tasks.
Our services to accounting firms include a full-service concept with which we whole-field IT Audit cover!
FIVE REASONS FOR FINANCIAL ACCOUNTANS TO APPLY FOR AN IT-AUDITOR
1. IT audits are a crucial part of the control process. Depending on the degree of (financial) processes that rely on automation, the financial auditor must decide whether he has sufficient proof data obtained by him is correct and complete.
2. Since the introduction of the WTA, the “atmosphere of permissiveness” wether IT audit is a mandatory part of the financial audit or not, is history.
3. More and more customers of finacial accountants request (or rather demand) a thorough audit of the IT environment. And when it Is not the customer, then it is one of its customers or suppliers that demands assurance on how IT processes are controlled. In the last Quarter dozens of accounancy firms (especially the smaller ones) loses customers to larger firms who do structural apply the IT audit role.
4. An IT auditor delivers his money twice over: a technology audit, the number of tests, samples and other (context) controls can significantly reduce the activities of the financial accountant.
5. Accountants that offer an integrated audit approach, including IT audit, are proven more successful than their counterparts who do not. Smaller audit firms, however, are not able to fit the IT audit in their company. IT audit is a broad field of objects, which is not easy to cover with a small IT audit department. as they say: “1 auditor is equal to no auditor”.
FIVE REASONS FOR ACOOUNTANTS TO CHOOSE FOR DUIJNBORGH AUDIT
1. The core business of Audit Duijn Borgh BV is primarily IT audit and related activities. Our services are therefore in principle not competitive with the services of th financial auditor.
2. Our Senior auditors are registred EDP-Auditors (RE) and also we can (for international customers) provide auditors that have the CISA certification.
3. We have multiple IT auditors each having a specific expertise required. So we cover almost the entire IT field and can have an opinion on it.
4. We are very flexible: in most cases we can honor your request within a few days to fill the IT audit roll. Small “jobs” do not scare us off.. Our IT audit service is therefore within reach of all audit firms, from very small to (medium) wide.
5. And finally: Our rates are highly competitive!
Information Security
Information security is an apparently simple subject with clear rules. From the fact that there are almost daily incidents in the news, must be concluded that the subject is more complex than it looks. We use the premise that information security is a business issue in which ICT is a part.
The reliability of the information is an important quality aspect of organizations. Laws and regulations in the framework of Governance (VIR, Tobacco Blatt, SOX, etc.) also require attention to information security.
Information Security and Audit: The auditors will assess the adequacy of the information security policy and provide advice in the preparation of risk management. The outcome of an information security audit is the understanding of the effectiveness and progress of the information in an organization. Often such an audit is used to define the starting point for the improvement.
Security information and advice: Our consultants (information security specialists) help organizations to define and organize the security management process. We also provide on an ad interim base security officers, information officers, etc. to the government and profit organizations.
With our years of experience in this area we know very well the pitfalls that are apparently inherent to this subject.
Continuity Management
Through extensive experience we have developed a practical but above all pragmatic method to manage the continuity of your organization.
At this website you can download a free of charge Quickscan which you can easily use to determine the extent to which your organization depends on IT.
Duijnborgh Audit has developed a number of instruments that can be used to determine how organization is able to start again after a disaster. The methodology is built according to our developed model CEM (CEM stands for Continuity Efficiency Measurement).
The CEM-model defines the risks when a failure of ICT in enterprises occure, which are bottlenecks and, most importantly, what measures can (should) be to reduce the risks to hedge,
In the process a number of showstoppers are in place, to prevent more activity than is absolutely necessary to determine whether action is needed, if any. The methodology is very suitable for medium-sized enterprises.
The steps in a Continuity Efficiency Measurement
CEM Quickscan
CEM Self
CEM Audit
By sending us a e-mail , you can request for the Quickscan applications. We send you the Quickscan free of charge.
Download the 
brochure, or contact us if you want more information.
Risk analyses
In some cases it is necessary to determine the dependency and vulnerability of the organization through a risk analysis. We both have extensive experience with analytical methods such as Cramm and ACIB, as well as methodologies to define in an effective and efficient way and also in a short time, the risks of your organization.
Pre-audits
With our pre-audits we are the link between organizations and the certifying authority. We speak your language as both the certifying auditor.
Organizations that wish to certify at certain standard, eg BS 27001 (Information Security), BS 7510/11/12 (Information in care) or BS 20000 (Service Management), we can support this service.
How does a pre-audit work?
We have specialists with extensive experience in certification programs. We can provide the following:
– we process the full certification file for formal certification Party;
– we establish the necessary formal proceeding, manuals, etc.;
– we assist in the preparation of the (interim) reports for the certification body; What are the advantages of a pre-audit?
The certification path can be completed much faster because you do not have to event it al by yourself.
– You have prepared a full certification file;
– You realize a counterweight to the certifying authority;
– You have a fixed point with short lines of communication;
– You will save considerably on costs.
Social Audit
We use the term Social Audit instead of the usual term Social Engineering. The research is based on the ‘traditional’ audit method, which means that the customer is assured of an expert, independent and responsible way of research.
Social Audit can be used to ensure the quality of information to measure. Social audit can roughly two techniques are performed (both individually and in combination):
as a technique whereby a computer cracker attack on a computer trying to take over users of the systems;
as a form of influence on social behavior and attitudes.
Outsourcing
Increasingly, (parts of) IT departments are outsourced to an external supplier which the supplier services that their IT department originally supplied.
Outsourcing has advantages as cost savings as well as disadvantages and even risks.
The most common risk is that the supplier does not comply with the agreements. There are even special terms defined to indicate how the supplier fails:
Shirking is when a supplier systematically under-performs when they are fully paid for it. For example, declaring more hours than actually worked.
Poaching is when the supplier abash it’s competitive position of trust sensitive information to or specially developed solutions for the customer to other customers to use.
Opportunistic repricing occurs when a customer over time more and more becomes dependent of the insourcing party. This allows the dominant party unilaterally insourcing the financial conditions of the contract to change, the customer is his dependent. By ensuring that the business contract is legaly closed, a lot of the misery can be prevented, but it’s ultimately important to build confidence between the outsourcing and insourcing parties. For the creation of mutual confidence it’s important to build and maintain a good relationship.
Recent research show that in 60% of the cases, the contractual relationships are disappointing and, the outsourcing relationship in as much as 58% of cases stops eventually.
To prevent this, we can assess the outsourcing relationship and we give independent advice implicitly how the relationship can be improved.