Skip to main content
07

IT Systems Audit

Information systems audit: ITGC, application controls, data reliability, application security and ISA 315 / COBIT compliance.

ITGC COBIT ISA 315 IS Audit

Key features

Standards covered

ISA 315 ISA 330 COBIT 2019 ITGC AUDCIF

Our scope

Information systems audit verifies that the IT chain producing financial and operational information is reliable, controlled and auditable. Three families of engagements:

  1. ITGC audits — IT general controls (access, change management, IT operations, backups)
  2. Application audits — controls within ERPs, business applications, interfaces: integrity, completeness, accuracy
  3. Statutory audit co-engagement — IS portion of a statutory audit per ISA 315 and ISA 330

Our standards

ISA 315 / ISA 330

In a statutory audit engagement, the International Standards on Auditing require an understanding of the information systems underlying the financial statements (ISA 315) and the design of responses to identified risks (ISA 330). Our firm operates in co-engagement with statutory auditors to specifically cover this IS dimension.

COBIT 2019

The COBIT framework structures our approach to IT general controls: Plan & Organize, Acquire & Implement, Deliver & Support, Monitor & Evaluate. We adapt it to the size and IT maturity of each audited entity.

AUDCIF

For OHADA companies, we align our work with AUDCIF directives to ensure compliance with local professional requirements.

Methodology

Planning

Understanding of the application landscape, identification of systems contributing to financial reporting, IS risk analysis, scoping of test work.

Execution

Review

Written deliverable with findings synthesis, risk levels, prioritised recommendations and remediation plan. For co-engagement assignments, deliverable aligned with the statutory auditor’s expectations.

Use cases

Pre-implementation audit

Evaluation of application controls and ERP configuration during deployment, before go-live. Secures controls by design rather than through remediation.

Migration audit

Data integrity verification during ERP migration or application transition — completeness, accuracy, retention of audit trails.

Annual ITGC audit

Recurring engagement integrated into the annual statutory audit cycle, providing statutory auditors with documented assurance on the entity’s IS controls.

Our team

Auditors certified CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), ACCA and trained on Microsoft and SAGE standards. For statutory engagements, co-engagement with licensed audit firms on the financial dimension, with MAAS taking the IS portion.

Also explore

01

Consulting & Digital transformation

IT strategy definition, master plans, business analysis and change management on critical projects.

Discover
02

ERP rollout

Implementation, configuration and data migration on the leading market suites, in multi-standard mode (IFRS, OHADA).

Discover
03

Network & cloud infrastructure

Architecture, cloud migration and hybridisation, DevOps pipelines for demanding production systems.

Discover

Let's talk about your project

A demo, an audit, an ERP to roll out? One message is enough to start the conversation.