IT Audit

Each organisation has to understand the risks relating to information systems, technology and IT projects. Privacy and security issues regarding customer and sensitive information are also of primary importance. If the IT risks are not properly managed, they may impact profitability and damage your organisation’s reputation. 

Our IT audit team provides reasonable assurance on the efficiency, the effectiveness and the secu¬rity of the information systems. The services offered include audits of IT General Controls (ITGC), IT Governance, projects, security, outsourcing and performance.

We can help your IT department or Internal Audit department, either by performing specific audit assignments, either through the insourcing of Subject Matter Experts without the need to hire staff.  

How can we help?

Our professionals can help you covering a wide area of domains, including; 

  • Cybersecurity 
  • Information Security 
  • Regulations (GDPR, NIS…) 
  • IT Governance 
  • IT Risk Management
  • Portfolio and Project Management
  • IT Service Management   
  • ERP & Financial Systems
  • Cloud Security 
  • Robotic Process Automation 
  • Business Continuity Management & Disaster Recovery Planning

We provide you with highly experienced IT Auditors who are all Certified Information Systems Auditors (CISA) and obtained COBIT5 certifications. 

back to top

IT Governance

Technological advancements, security breaches or cyber-attacks, organisations continuously deal with rapidly changing threats. At the same time, organisations are facing increased stakeholder expectations and regulatory requirements. 

We can help you navigating through this risk landscape and assist you with the achievement of better IT governance and IT value creation.

IT Gover¬nance is about the principles, structures, mechanisms and processes to ensure the effective and efficient use of IT to enable your organization achieving its objectives whilst mitigating risks and optimizing resources.  

How can we help? 

Our COBIT-based IT Governance assessments provides you with insights and recommendations on:

  • The alignment of your IT strategy with the strategy and objectives of the organisations
  • The value creation of IT towards the business
  • IT resource optimization
  • Investment and project benefits delivery
  • IT Risk Management
  • IT Performance Measurement and Monitoring

We provide you with highly experienced IT Auditors who are all Certified Information Systems Auditors (CISA) and obtained COBIT5 certifications. 

back to top

Data protection & privacy

Digitalisation of business processes leads to an explosion of available data. At the same time, organisations are faced with numerous risks such as data breaches and cyber-attacks but also with increasing regulatory requirements (e.g. GDPR). If not managed properly, your Data Security and Data Privacy risks may impact your profitability and damage your organisation’s reputation. 

The new European Global Data Protection Regulation (GDPR) brings new privacy requirements in terms of user consent and rights. Organisations need to perform a Data Protection Impact Assessment (DPIA) and, in case of high risks, they need to assign a Data Protection Officer (DPO). Moreover, Information systems need to be implemented taking into account Privacy by Design and Privacy by Default principles. 

For more information, please consult our brochure .

How can we help? 

We can assist you with following services:

  • DPO-As-A-Service
  • GDPR compliancy assessments
  • GDPR implementation

back to top

SOC Reporting - ISAE3402/ISAE3000

Third Party Assurance Reporting 

Organizations frequently outsource key activities to specialized Service Providers. As such, these organizations (i.e. your customers) share confidential and/or personal information with you (i.e. their Service Provider) such as financial transactions, medical records, customer information, etc. 

At the same time, we are faced with reported data breaches, cyber-attacks and increasing privacy regulations. Customers, auditors, regulators and other relevant stakeholders are becoming highly demanding to obtain assurance about the control measures put in place by you to protect private and/or confidential information and to ensure availability of systems.  One of the most effective ways through which you, as a Service Provider, can communicate information about your risk management and implemented controls is by means of a Third Party Assurance Report (ISAE3402 or ISAE 3000).  

For more information about SOC reporting, please consult our brochure .

How can we help? 

  • ISAE 3402 (SOC1) attestation focused on financial reporting risks and controls
  • ISAE 3000 (SOC2) attestation focused on security, availability, confidentiality, integrity and data privacy control objectives
  • High quality reports delivered at a fair price

We offer you a team with extensive experience in Financial Reporting Controls and Information Technology Controls. 

Our approach is pragmatic and focused on helping you in an efficient and cost effective manner during the whole process.  For more information, please visit the link below. 

If you would like to know, how we can help, please contact us without further obligation.

back to top

ISMS ISO 27001

Developing and realizing an Information Security Management System (ISMS)

Information, written down on paper or stored and transferred in electronic ways, is one of the most valuable assets of an organisation. Nowadays the risk that your organisation becomes a victim of cybercrime is increasing, no matter if your data is stored on premise or in the cloud. 

Developing and realizing an Information Security Management System (ISMS), which implements the proper measures to assure the Availability, Confidentiality and Integrity of your information, is within the capabilities of each organisation. 

Many organizations already have security controls in place to protect their information assets and business process. However, without a proper Information Security Management System, these controls will be disorganized and disconnected. 

What is an Information Security Management System (ISMS)?

According to ISO, an ISMS “is a systematic approach to manage sensitive company information so that it remains secure. This including; people, processes and IT systems by applying a risk-based approach”. 

What is ISO 27001? 

ISO/IEC 27001 is an information security standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The IT Security standard is a set of policies, procedures, processes and systems that manage information risks such as cyber-attacks, hacks, data leaks and thefts.

Why should you implement ISO 27001? 

  • Gives your organization market advantage by differentiating you from competitors
  • Compliance with legal and regulatory requirements
  • Increased organizational efficiency as responsibilities and processes are clearly defined
  • Minimizes business continuity risks
  • It demonstrates commitment to Information Security Management towards your clients and  other stakeholders

How can we help?

Our Information Security and Risk Management experts can help you with:

  • Establishing an Information Security Management System (ISMS)
  • Preparing and guiding your organisation to become ISO 27001 certified

Our approach is pragmatic and focused on helping you in an efficient and cost effective manner during the whole process. 

For more information, please visit the link below.

back to top

Process Mining

Improve efficiency and effectiveness of your business processes

Business processes are often difficult to manage and comprehend. At the same time, your organization might be exposed to operational inefficiencies, customer complaints, increasing compliance requirements etc. 

Understanding your business processes is a first step prior to deciding on any improvement initiative. 

An increasing number of business processes are being digitized by organisations. Due to this digitization an increased amount of data is captured by the supporting IT systems, which can be turned into opportunities for your organisation.

By applying process mining, available data is turned into valuable insights about your business processes. Consequently, processes become comprehendible, manageable and able to be improved continuously. 

Did you ever ask yourself:

  • What is really happening in the business processes?
  • Whether the reality is in line with how the process was designed? 
  • Which are the bottlenecks and inefficiencies during the process lifecycle?
  • How to optimize your business processes?

What is process mining?

Process mining is a data-mining technique to analyze and visualize the reality of your business processes and compare it with plans and theory (“how the process should run”).  During process mining, algorithms are applied to event logs (i.e. business events recorded in your IT systems). These event logs contain data that can be turned into valuable and fact-based insights about your processes. 

Process mining can be applied to every digitized business process (purchasing, sales, incident management etc.). 

How can we help?

Based on your request, problem and context, we first identify and extract relevant process data. This data needs to be cleaned and formatted before being uploaded in the ‘process mining’ tool. Analysis of your data is done automatically by the tool and allows us to quickly get a view on your real process and the most important process deviations and bottlenecks. 

For more information, please visit the following link

back to top

Cybersecurity Assessment

Our daily lives and our business processes are becoming highly digitized, resulting in an explosion of critical assets (data, infrastructure, applications). Together with the growing sophistication and use of information technology, we have been witnessing a major growth in cybercrime putting these critical assets at risk. Cyber criminals are also becoming more innovative and ambitious, targeting your assets with phishing attacks, ransomware, social engineering and many other assaults.

At the same time, organizations are being confronted with increasing pressure from regulators and stakeholders. If cybersecurity risk is not managed well, threats might have a negative impact on your brand reputation, operations, regulatory compliance and more.

For many organizations, it is a challenge to monitor these evolving risks and ensure appropriate (preventive, detective and reactive) measures are in place.

  • What is your organization’s current cybersecurity maturity level?
  • What are your highest and unacceptable security risks?
  • Are you compliant with regulations such as GDPR?
  • Which investments to your cyber security operations should be prioritized and why?
  • Review of the logical access controls to IT systems


Cybersecurity Assessment (CSA) Cybersecurity vulnerabilities can be identified at three levels: technology, people and processes. Therefore, it only makes sense to apply a layered Cyber Security Approach.

At Crowe – CPT, we have developed a Cyber Security Framework, which is aligned with leading industry frameworks such as NIST, ISO 27001 and the Center of Internet Security (CIS).  In addition, current legislations such as GDPR are integrated as well.

It is all about finding the right balance between People, Processes and Technology.

How can we help you? 

We use our technology solutions to assess your technology controls. Our experts can help you with:

  • Vulnerability assessments: we review and analyze your computer network for possible security vulnerabilities and loopholes.
  • Web application vulnerability assessments: we discover and mitigate security issues in web applications.
  • Penetration testing or ethical hacking: to simulate a cyberattack to evaluate the security of the system.

We can help your people by:

  • Defining a strategy to create awareness and to train employees
  • Providing cyber security awareness and training sessions

We can help you improve your processes by:

  • Creating and improving your policies and procedures
  • Guiding you in the set up of your governance or control framework

For more information, please visit following link .

Cloud Security Auditing

Many organizations are leveraging cloud computing solutions. As a result, cloud environments are becoming the primary location for many organizations to store data, manage their applications or leverage new technologies.

Cloud computing has the potential to provide many benefits to organizations; IT cost reduction, scalability, collaboration efficiency, etc. However, cloud computing is not without any risk.  Advances in cloud computing have increased the potential for both internal and external threats to your organization which result in major risks (e.g. data breach, downtime,…) that need to be managed by user organizations. 

Cloud computing environments come in many forms, depending on the service model (IaaS, PaaS, SaaS) and deployment model (public, private, hybrid).  For example, organizations can create a ‘hybrid cloud environment’ that enables them to leverage on a combination of on-premise, private and third-party cloud services tailored to their needs. 

When operating with more than one cloud environment, organizations need a sound strategy and governance model to manage the  increased complexity and related risks they are exposed to.

Wherever you are in your ‘cloud journey’, cloud assessments can help you to identify the risks that your organization is exposed to and whether the internal control environment is sufficient and in line with your risk appetite. 

How we can help?

Our cloud security assessments are risk-based and tailored to the specific cloud set-up at your organization. This way, we provide businesses with the requested assurance on their cloud security set-up and with concrete recommendations to mitigate unacceptable risks.   

For more information, please consult our brochure below.