de en
Support of the audit of the annual financial statements

Support of the audit of the annual financial statements (audit support pursuant to IDW PS 330)

When auditing annual financial statements the auditor is obliged to engage with the (accounting-related) IT systems of the company being audited. Under sections 316 to 324 HGB the auditor must also audit the fitness for purpose of the accounting processes and thus the compliance with the Generally Accepted Accounting Principles (GoB) set down in sections 238 et seq. and 257 HGB and sections 145 to 147 AO.

Taking these guidelines for bookkeeping as its basis, the Technical Committee for Information Technology (FAIT) of the Institute of Public Accountants in Germany (IDW) has expanded on the GoB requirements for the use of IT and published various accounting standards:

  • GoB for the Use of Information Technology (IDW RS FAIT 1),
  • GoB for the Use of Electronic Commerce (IDW RS FAIT 2),
  • GoB for the Use of Electronic Archiving Processes (IDW RS FAIT 3).

Additionally, the "Generally Accepted Principles of IT-based Accounting Systems (GoBS)" and the accompanying documentation issued by the German Federal Minister of Finance (BMF) apply to the performance of IT audits. Similarly, the guidelines on the storage of documents set out in further detail in the BMF document "Principles of Data Access and Auditability of Digital Documents (GDPdU)" must be taken into account.

Depending on the complexity of the systems used, a comprehensive IT system audit in accordance with IDW Auditing Standard 330 (IDW PS 330), or at least an audit of selected sub-areas or sub-elements of the IT system, is necessary. The IT audit is a component of the audit of the internal control system (ICS). Before the actual audit an appraisal of the IT system is performed. The outcome of this IT system appraisal is a risk assessment on which the further audit strategy is based and that indicates which (IT-related) audit fields need to be investigated in further detail during the course of the audit. An initial audit will then be performed for each audit field to assess the adequacy of the actual design of the ICS. The aim is to assess whether the ICS that is implemented (and documented) (actual position) is adequate given the risks specific to the auditing field and can be effective in the planned scope. After that the functional audit assesses whether the implemented controls (actual position) are effective in the areas which the ICS was deemed adequate in the initial audit.

IDW has developed an auditing note (IDW PH 9.100.1) for audits of small and mid-sized businesses (SMBs) that refers to the fact that the IT system audit under IDW PS 330 also relates to SMBs. The issue of whether and to what extent audit activities need to be performed is less to do with the size of the company being audited and are more about the complexity of the IT systems it uses, which in turn also determine the scope of the audit and the type of audit procedures to be performed.

As it is necessary to account for the risks that arise from the use of IT (IT risks) during the audit of financial statements, IT AUDIT supports professional colleagues in performing IT audits because the audit of IT systems requires a certain level of technical knowledge combined with process-orientated thinking. An adequate and effective IT audit requires the auditor to have up-to-date technical knowledge, which is not easy to keep abreast of given the rapid development of the IT sector. We have developed a procedure based on checklists and other tools for this purpose.

Our clients are mainly small and mid-sized auditors / auditing firms. We work closely with the lead auditor / auditing team of the auditing firm to enable an optimum transfer of knowledge. As the budget and time allocated to IT audits is generally very low, precise audit planning (over several years) is necessary.

We provide written reports on the type and scope as well as the outcome of our audits with a corresponding application of the generally accepted principles of reporting set out in IDW PS 450. Our audit activities are documented using IDW PS 460, which ensures that quality-assurance requirements are also complied with. On completion of the audit the (commissioning) auditor is given all working papers, which he can add to his documentation with a view to a potential pending quality control (peer review). Additionally, the client is given an overview of the findings as well as any measures that need to be taken.

As an auditing firm IT AUDIT is obliged to observe the professional principles and the IDW statements (audit standards, accounting standards etc.) under the laws that govern the profession.

Where to find us:
Im Mediapark 5a
50670 Cologne
Phone+49 221 952681-190
Fax+49 221 952681-114
E-Mail infoit-auditcom