Auditing and IT consulting move into the spotlight of entrepreneurs

Opportunities for your company

Like many areas of the economy, auditing has undergone a major transformation in recent years. Its formerly somewhat dusty image is moving into the spotlight in many companies‘ corporate planning. What is the reason for this change in thinking, what is important in auditing, and why are auditing and IT consulting inseparable today? We talked to partner and auditor Carsten Hüttemann and IT and business consultant Manuel Paulfeuerborn from the law firm Tomik + Partner about this.

Mr. Hüttemann, you have been responsible for auditing at Tomik + Partner for over 10 years now. What has changed in that time?

In the past, auditing was seen by some clients more as a necessary evil that entrepreneurs had to face. Huge amounts of documents and folders were sent back and forth in order to have all the data and necessary information for the audit complete. Entrepreneurs didn’t really enjoy this.

Fortunately, digitalization has also long since found its way into auditing.

We receive data and documents digitally and often use direct access to our clients‘ systems. Documents can be made available very easily via our specially developed upload tool T+P SafeTansfer. This has proven to be very successful.

A lot has also happened on the part of our clients.

Most financial processes are mapped digitally and run automatically. Due to the increasing complexity of the IT systems used by our clients, IT system auditing is becoming increasingly important in auditing. Auditing and IT system auditing are therefore inextricably linked.

What do you think is particularly important in auditing today?

As a firm, you have to be digitally positioned and have a personal relationship with your clients.

At Tomik + Partner, we have been doing our homework in digitalization for years, so we are very well positioned.

However, in addition to all the advantages of digitalization, there is no substitute for the personal conversation with our clients. From my many years of experience at a globally positioned auditing firm, where clients were treated rather anonymously as a number and as one of many, I can say that personal advice and years of support for our clients, as we live it at Tomik + Partner, is a particular success factor in auditing. Because during the conversation we often learn further valuable information, which is very important for the holistic consulting. And the entrepreneur also benefits from many hints that we can give directly.

Our clients have a contact person throughout the entire process who is deeply involved in their issues and figures. He is available for all questions and coordinates the consulting. We also maintain these personal contacts between audits.

In my view, this mix of the highest level of digitalization and personal contact are the success factors in auditing at Tomik + Partner.

And because more and more clients already greatly appreciate this mix in our tax consulting, more and more clients are also entrusting us with auditing and booking additional consulting services. Our auditing division has therefore grown encouragingly in recent years. With currently four active

auditors and a team of qualified audit staff, we audit numerous annual and consolidated financial statements of medium-sized companies every year.

How do your clients benefit from digitalization in auditing?

Today, most entrepreneurs also recognize the opportunities offered by auditing. Increasing digitization gives us the convenience of having much more data and figures available.

Therefore, in addition to the pure audit result, there are many additional valuable insights that are important and often groundbreaking for the further economic development of our clients.

Once the data is available, we can also provide excellent advice on other areas. They have become the starting point and benchmark for business planning.

We at Tomik + Partner are very experienced in this area, be it in tax structuring, in business consulting or in IT consulting, where we have recently strengthened our team with IT and business consultant Manuel Paulfeuerborn. Mr. Paulfeuerborn is very experienced in IT system auditing and, as a CISA (Certified Information System Auditor), also highly qualified for consulting.

What challenges did Corona bring for you?

Not much has changed for us because we have been digitally active for years and invested in digital structures at an early stage. We can fully support our clients with the usual quality and efficiency, e.g. also from the home office, if Corona makes this necessary.

Thank you, Mr. Hüttemann, for this informative insight into your work and your firm. We wish you continued success in serving your clients!

Mr. Hüttemann, you have been responsible for auditing at Tomik + Partner for over 10 years now. What has changed in that time?

In the past, auditing was seen by some clients more as a necessary evil that entrepreneurs had to face. Huge amounts of documents and folders were sent back and forth in order to have all the data and necessary information for the audit complete. Entrepreneurs didn’t really enjoy this.

Fortunately, digitalization has also long since found its way into auditing.

We receive data and documents digitally and often use direct access to our clients‘ systems. Documents can be made available very easily via our specially developed upload tool T+P SafeTansfer. This has proven to be very successful.

A lot has also happened on the part of our clients.

Most financial processes are mapped digitally and run automatically. Due to the increasing complexity of the IT systems used by our clients, IT system auditing is becoming increasingly important in auditing. Auditing and IT system auditing are therefore inextricably linked.

What do you think is particularly important in auditing today?

As a firm, you have to be digitally positioned and have a personal relationship with your clients.

At Tomik + Partner, we have been doing our homework in digitalization for years, so we are very well positioned.

However, in addition to all the advantages of digitalization, there is no substitute for the personal conversation with our clients. From my many years of experience at a globally positioned auditing firm, where clients were treated rather anonymously as a number and as one of many, I can say that personal advice and years of support for our clients, as we live it at Tomik + Partner, is a particular success factor in auditing. Because during the conversation we often learn further valuable information, which is very important for the holistic consulting. And the entrepreneur also benefits from many hints that we can give directly.

Our clients have a contact person throughout the entire process who is deeply involved in their issues and figures. He is available for all questions and coordinates the consulting. We also maintain these personal contacts between audits.

In my view, this mix of the highest level of digitalization and personal contact are the success factors in auditing at Tomik + Partner.

And because more and more clients already greatly appreciate this mix in our tax consulting, more and more clients are also entrusting us with auditing and booking additional consulting services. Our auditing division has therefore grown encouragingly in recent years. With currently four active

auditors and a team of qualified audit staff, we audit numerous annual and consolidated financial statements of medium-sized companies every year.

How do your clients benefit from digitalization in auditing?

Today, most entrepreneurs also recognize the opportunities offered by auditing. Increasing digitization gives us the convenience of having much more data and figures available.

Therefore, in addition to the pure audit result, there are many additional valuable insights that are important and often groundbreaking for the further economic development of our clients.

Once the data is available, we can also provide excellent advice on other areas. They have become the starting point and benchmark for business planning.

We at Tomik + Partner are very experienced in this area, be it in tax structuring, in business consulting or in IT consulting, where we have recently strengthened our team with IT and business consultant Manuel Paulfeuerborn. Mr. Paulfeuerborn is very experienced in IT system auditing and, as a CISA (Certified Information System Auditor), also highly qualified for consulting.

What challenges did Corona bring for you?

Not much has changed for us because we have been digitally active for years and invested in digital structures at an early stage. We can fully support our clients with the usual quality and efficiency, e.g. also from the home office, if Corona makes this necessary.

Thank you, Mr. Hüttemann, for this informative insight into your work and your firm. We wish you continued success in serving your clients!

Mr. Paulfeuerborn, you are responsible for IT and Business Consulting at Tomik + Partner. How should one imagine your support in auditing?

I support the responsible auditor in the IT system audit as an important basis for the audit of the financial statements.

In doing so, I look at the IT system landscape of our clients with equal care, just as we look at the processes in accounting, for example. I examine the IT environment and ensure that processes comply with legal requirements. During the audit, weak points often come to light, and I am happy to advise our clients on how to optimize them.

With my CISA qualification, I have the necessary tools to provide targeted and sound advice.

What is a CISA, and what does it do in an auditing firm?

The abbreviation CISA stands for Certified Information System Auditor and is a globally recognized professional certification. Individuals who hold this title demonstrate special knowledge in the areas of information security,

development, implementation and operation of information systems. The skills of a CISA also include the areas of IT auditing or business continuity in the event of a crisis (referred to as Business Continuity & Resilience Management).

The title is awarded by ISACA (Information Systems Audit and Control Association). It is the umbrella organization based in the USA. ISACA develops international auditing standards and maintains a consistently high level of expertise.

In your view, what are typical weaknesses in the IT of medium-sized companies?

IT weaknesses result primarily from organizational failures in the companies.

For example, I often come across missing or insufficient authorization concepts, which in the worst case can lead to data falling into the wrong hands, or the operational business coming to a standstill if, for example, no one else can release or control certain processes in the event of the loss of a responsible person.

Many companies also do not give enough thought to cybercrime and have not developed contingency plans that could take effect in the event of cyberattacks. If no contingency plan has been drawn up to enable the IT infrastructure to be reconstructed within a specified timeframe, this means considerable damage to the company in the event of a super-game, which could even lead to the destruction of its existence.

It is therefore primarily a matter of thinking through corporate processes in detail in advance and then translating them into IT structures in a sensible manner and, above all, with the necessary security aspects in mind. I am very happy to help our clients with this.

Why do ERP conversion projects in medium-sized companies so often get out of hand?

There are numerous reasons for this.

Lack of competencies, unclear objectives, different expectations, lack of internal communication, lack of motivation for the changeover by the management, incomplete concepts and thus faulty decisions in the software selection, poor time management, not enough resources (human and financial).

Our clients are used to making decisions quickly, which has advantages in many situations. However, if you decide on a certain software hastily and without comparing without a thorough needs analysis, you are very likely to make the wrong decision. The project will most likely fail or at least get out of hand.

First and foremost, the success of an ERP project therefore depends on professional preparation and planning with the involvement of the users.

If there is not enough time, projects often get out of hand and the motivation for the changeover decreases.

How can Tomik + Partner support such projects?

Our clients benefit from my many years of experience in the implementation of ERP systems. For example, I ask the right questions at the right time, ensuring that all relevant information is considered during the evaluation phase.

I accompany the entire process from conception and selection of the right system to implementation and rollout.

It is often a good idea to have an outsider accompany the introduction of an ERP system. Our consulting is product-neutral, because we have no sales interest in our client choosing a particular solution. The software providers also appreciate it when the entrepreneur clearly defines what is important with our support.

That all sounds very exciting and forward-looking Mr. Paulfeuerborn. Surely many more entrepreneurs will benefit from your know-how. Good luck with that and thank you very much for the interview!

Mr. Paulfeuerborn, you are responsible for IT and Business Consulting at Tomik + Partner. How should one imagine your support in auditing?

I support the responsible auditor in the IT system audit as an important basis for the audit of the financial statements.

In doing so, I look at the IT system landscape of our clients with equal care, just as we look at the processes in accounting, for example. I examine the IT environment and ensure that processes comply with legal requirements. During the audit, weak points often come to light, and I am happy to advise our clients on how to optimize them.

With my CISA qualification, I have the necessary tools to provide targeted and sound advice.

What is a CISA, and what does it do in an auditing firm?

The abbreviation CISA stands for Certified Information System Auditor and is a globally recognized professional certification. Individuals who hold this title demonstrate special knowledge in the areas of information security,

development, implementation and operation of information systems. The skills of a CISA also include the areas of IT auditing or business continuity in the event of a crisis (referred to as Business Continuity & Resilience Management).

The title is awarded by ISACA (Information Systems Audit and Control Association). It is the umbrella organization based in the USA. ISACA develops international auditing standards and maintains a consistently high level of expertise.

In your view, what are typical weaknesses in the IT of medium-sized companies?

IT weaknesses result primarily from organizational failures in the companies.

For example, I often come across missing or insufficient authorization concepts, which in the worst case can lead to data falling into the wrong hands, or the operational business coming to a standstill if, for example, no one else can release or control certain processes in the event of the loss of a responsible person.

Many companies also do not give enough thought to cybercrime and have not developed contingency plans that could take effect in the event of cyberattacks. If no contingency plan has been drawn up to enable the IT infrastructure to be reconstructed within a specified timeframe, this means considerable damage to the company in the event of a super-game, which could even lead to the destruction of its existence.

It is therefore primarily a matter of thinking through corporate processes in detail in advance and then translating them into IT structures in a sensible manner and, above all, with the necessary security aspects in mind. I am very happy to help our clients with this.

Why do ERP conversion projects in medium-sized companies so often get out of hand?

There are numerous reasons for this.

Lack of competencies, unclear objectives, different expectations, lack of internal communication, lack of motivation for the changeover by the management, incomplete concepts and thus faulty decisions in the software selection, poor time management, not enough resources (human and financial).

Our clients are used to making decisions quickly, which has advantages in many situations. However, if you decide on a certain software hastily and without comparing without a thorough needs analysis, you are very likely to make the wrong decision. The project will most likely fail or at least get out of hand.

First and foremost, the success of an ERP project therefore depends on professional preparation and planning with the involvement of the users.

If there is not enough time, projects often get out of hand and the motivation for the changeover decreases.

How can Tomik + Partner support such projects?

Our clients benefit from my many years of experience in the implementation of ERP systems. For example, I ask the right questions at the right time, ensuring that all relevant information is considered during the evaluation phase.

I accompany the entire process from conception and selection of the right system to implementation and rollout.

It is often a good idea to have an outsider accompany the introduction of an ERP system. Our consulting is product-neutral, because we have no sales interest in our client choosing a particular solution. The software providers also appreciate it when the entrepreneur clearly defines what is important with our support.

That all sounds very exciting and forward-looking Mr. Paulfeuerborn. Surely many more entrepreneurs will benefit from your know-how. Good luck with that and thank you very much for the interview!

Learn more about auditing at Tomik + Partner