IT auditing outside of the
year-end audit – IDW PS 860

Many companies choose to audit the appropriateness and security of their IT systems apart from the annual financial statement audit. The new auditing standard IDW PS 860 applies in this case.

It conforms to the International Standard on Assurance Engagements (ISAE) 3000 (Revised) “Assurance Engagements Other than Audits or Reviews of Historical Financial Information,” and creates a uniform regulatory framework. Furthermore auditing practice statements have been developed for IDW PS 860, which provide further detail on how to apply the principles of the announcement in relation to auditing individual It-supported processes and procedures.

Our services

Auditing of IT-supported processes and procedures apart from the year-end audit as:

  • Verification of fulfillment of statutory or regulatory requirements, such as fulfilling the MaRisk, the IT Security Act, or the German Federal Data Protection Act (BDSG) or EU General Data Protection Regulation (EU-GDPR).
  • Verification of security during the software development process
  • Verification that IT systems conform with tax law requirements (such as Sections 14, 14b of the VAT Act, Sections 146, 147 of the tax code, and the GoBD)
  • Verification that IT systems conform with industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS), archiving standards, etc.
  • Verification that IT systems conform with ISO and DIN standards
  • Verification that IT systems conform with generally recognized frameworks, such as the COSO, COBIT, ITIL
  • Verification that recruiting controls and personnel training measures are effective
  • and many other verifications

We complete our audit of your IT systems in accordance with IDW PS 860, meaning that we audit your IT systems or specific parts of the systems to ensure they comply with certain regulatory criteria. These may include industry-specific, internal company or statutory requirements. During the course of the audit, we document the principles, procedures and measures applied, and review whether these are effective and appropriate.

You receive verification that your IT systems conform to regulatory requirements, and fulfill applicable criteria. Of course, we also provide you with feedback on how you can optimize your internal processes.

Our experience – Your added value

The experts at RLT IT & system auditing

To the expert team