NOREA IT Report Readiness

In 2021, the Dutch Association of Registered EDP Auditors (NOREA), the professional organization of IT auditors in the Netherlands, announced that organizations will soon be required to prepare an IT report and have it reviewed by an independent auditor. A NOREA working group is currently drafting the framework and review requirements and testing them with a pilot group of organizations. Our expectation is that the requirement for all medium to large enterprises to prepare an IT report will soon follow thereafter. 

Unlike assurance reports (ISAE 3000, 3402 and ISO27001), the IT report is not solely focused on history. This allows more room to report on strategy, maturity level, ambitions and the risks involved. 

It is expected that the IT report should include the following topics, among others: an outlook, a summary of IT strategy, key projects and processes, access security, continuity, investments in IT and third-party dependencies. 

We understand better than anyone that compliance with such a new regulation brings questions and uncertainty and that you may not (yet) have sufficient knowledge in this area.  

We closely follow developments around the IT report. ARC People has experience in preparing input for assurance reports, such as the general description of the management organization. We have a team of professionals that can help you prepare for the new regulations around the IT report. We can also help you prepare the IT report and/or perform an evaluation of the report's accuracy and completeness before your independent auditor formally reviews the report. 

Would you like to spar on this topic now? Then contact us to discuss the possibilities.