       
      Secure and trustworthy IT underpins every organisation. IT internal audits help reveal weaknesses, reduce risk and ensure compliance with regulatory requirements – a preventative investment that keeps your IT under control.
       

      Common Challenges Our Clients Have Faced – And We’ve Helped Solve

      How to establish an effective IT internal audit framework


      How to meet regulatory obligations with proportionate internal effort


      How to prepare for and pass external audits and inspections


      How to effectively test IT processes and controls


      How to use audit results to strengthen IT governance and risk management

      How to ensure independence and objectivity of Internal Audit


      How to implement regulatory requirements efficiently


      How to identify key IT and cyber security risks


      How to address the most significant IT and cyber risks


      How to track remediation and ensure timely implementation


      How We Help

      Compliance and Regulatory Alignment Checks of Internal Procedures

      • Act on Cybersecurity (ZoKB), NIS2, DORA, GDPR, Cyber Resilience Act (CRA), ČNB directives, and recognised frameworks and standards (ISO/IEC 27000 family, COBIT, ITIL)

      Testing of Key IT Control Areas

      • access management, change management, segregation of duties, business continuity, incident & problem management, physical security, and more


      IT Governance

      • assessment of governance set-up and data management, including roles, rules and control mechanisms

      Gap Analysis and Independent Audits Under Regulation

      • prioritised recommendations and risk ratings by domain

      Defining the scope of IT Internal Audit

      • advisory to determine in-scope domains and the right audit approach that meets client needs


      Drafting and Review of Internal Policies and Control Mechanisms

      IT and Information Security Risk Assessments

      IT Process Maturity Assessment, Modelling, and Recommendations

      Control & Requirement Harmonisation across Regulations


      References

      Audit under the Czech Act on Cybersecurity / NIS2

      We designed an audit plan in accordance with ZoKB and mapped it to the company’s internally defined risks. Based on meetings with company representatives and document review, we assessed compliance with the individual sections and articles of the Act. We assigned severity and recommendations to each non-compliance, including a timeline and priority. All findings and recommendations were discussed with Internal Audit and the auditees.

      DORA Gap Analysis (including relevant RTS)

      We mapped the requirements of the DORA regulation, including the relevant regulatory technical standards (RTS), and grouped them into logical units corresponding to areas of the client's internal controls. Through interviews with selected employees and documentation review, we described the current state and compared it with the state required by the regulation. For each identified gap we set a priority and an action plan, and we also calculated a maturity score for each of the five core DORA domains.

      Risk Analysis Review

      We reviewed the client's risk analysis methodology against the requirements of DORA and the related RTS. We then checked the risk analysis itself, including the completeness of the identified risks, and verified the proposed remedial measures and their implementation status. The output was a final report in accordance with DORA and applicable legislation.

      COBIT-based Process Maturity Assessment

      Using the maturity model of the COBIT framework, we assessed selected IT processes. After discussion and presentation to the company’s management, we defined the steps needed for the company to reach the desired level of maturity in the selected priority processes.


      Radek Koudela

      Director, Advisory – Risk & Finance

      KPMG in the Czech Republic

      Václav Ruml

      Manager, Advisory – Risk & Finance

      KPMG in the Czech Republic

      Radomír Kula

      Associate Manager, Advisory – Risk & Finance

      KPMG in the Czech Republic