IT Assurance

Assurance and insight for your technology environment

Businesses face increasing complex regulatory requirements and a continuously evolving technological landscape. To thrive they must reply upon the controlled operation of information technology to be compliant, function securely and minimise IT related risks

In this fast-changing environment, customer trust, public and investor confidence and meeting with regulatory compliance are paramount. We can help by:

  • working with audit professionals to provide assurance in the technology environment used for financial reporting and related internal controls over financial reporting;
  • improving confidence on technology dependent internal controls as a result of business growth;
  • assessing and minimising technology risks within the existing technology framework and on new business initiatives such as implementing new technologies or the launch of products or services; and
  • providing insights on key technology challenges and future trends through our thought leadership and publications.

Our integrated risk-based approach and extensive sector experience means we can provide insight on technology risks for boards, audit committees, and key senior management executives. We are able to assist with:

IT Internal Audit (IA) Resourcing

We work with our clients to achieve their IA objectives through co-sourcing, outsourcing or bespoke models, in line with their business needs. Find out more about our IT Internal Audits

IT Due Dilligence

In the event of mergers and acquisitions, we provide deep drill downs or specific insights on the technology environment to boards and investors for making informed decisions, as part of buy-side or sell-side requirements.  Find out more about our IT Due Dilligence

Service Organisations Controls Reporting

We provide independent assurance on the controls implemented by service organisations providing services to user organisations. Service organisations demonstrate their internal control environment for gaining business confidence from their existing or prospective customers. We assist our clients in gaining assurance in line with applicable standards (US, or International) such as ISAE 3402 (referred as SOC1) or AICPA AT101 (SOC2 or SOC3). Our services cover design (Type 1 report) and operating effectiveness (Type 2 report) of controls at service organisations. Find out more about our SOC Reporting

Diagnostic assessments

Our diagnostic assessments help clients understand the control gaps in their IT environment and improve the overall technology risk framework. We cover a range of specific risk areas such as cyber security, data privacy, IT strategy and capability, business continuity and disaster recovery, data quality, information governance and data protection/GDPR, against leading industry practices.

Control optimisation

We help clients evaluate and streamline their existing control frameworks in the organisation.

Independent project assurance

We can act as an independent adviser to management and project boards for effective implementation of new systems and projects, by identifying and mitigating project risks before they arise.

Application Reviews

We assist clients in reviewing their business applications to assess the control environment within systems to address specific business or process risks. The review includes access reviews, configurations and setups, master data set up, transactions, and interfaces. Our recommendations are used for enhancing functionality, security, and control environment within applications. 

Get in touch

Your personal data is collected by Mazars in South Africa, the data controller, in accordance with applicable laws and regulations. Fields marked with an asterisk are required. If any required field is left blank, it will not be possible to process your request. Your personal data is collected for the purpose of processing your request.

You have a right to access, correct and erase your data, and a right to object to or limit the processing of your data. You also have a right to data portability and the right to provide guidance on what happens to your data after your death. Finally, you have the right to lodge a complaint with a supervisory authority and a right not to be the subject of a decision based exclusively on automated processing, including profiling, that produces legal effects concerning you or significantly affects you in a similar way.