IT Audit

Digital technology underpins every aspect of how your organisation works.

TIAA has a dedicated team of ICT specialists who have the skills and expertise to ensure your digital systems are optimised. From development and guidance in support of digital transformation and new technologies, to dealing with emerging cybersecurity risks, incident response and disaster recovery, we will work with you to support and improve the effective use of technology.

Our digital audits are detailed and thorough

You can be safe in the knowledge that your digital systems have undergone rigorous root cause analysis, testing and review.

All modern organisations rely on their digital infrastructure; it is at the heart of each business, supporting and enabling every aspect of your services. This is why it is so important to properly protect, monitor and develop your investment in digital technologies.

Detailed analysis and reports

We have a specialist IT Governance Team to help you tackle the vital issue of data protection and privacy. We will ensure you meet regulatory standards and advise you on the best ways to ensure your sensitive information is effectively safeguarded.

TIAA’s range of Digital Audit services includes:

  • Digital strategy and transformation
  • Digital risk assessments
  • Assurance on strategic and operational Digital projects
  • Software application and database audits
  • Network infrastructure management and communications audits
  • Cloud technologies
  • Cybersecurity
  • Cyber Resilience
  • IoT
  • Artificial Intelligence
  • Intelligent Automation
  • Information governance and legal compliance
  • Strategies for business continuity and disaster recovery
  • Systems under development

Data security is a critical competence for organisations in all sectors

Every individual expects their personal information will be treated with confidentiality and care. Regulatory requirements are tightening, media scrutiny is increasing and public concern over the privacy of data is growing. In this context, lapses in data security are often high profile. Since the introduction of the 2018 Data Protection Act (GDPR), they can result in fines of up to 4% of turnover and lead to serious damage to your reputation.

All modern organisations rely on an ICT architecture that is becoming increasingly complex over time. Information is often managed across multiple sites and through many different delivery partners. Due to this level of intricacy, national guidance and best practice recommend that your information governance arrangements should benefit from independent scrutiny.

How we work with you

TIAA can provide assurance and advice on the confidentiality, integrity and availability of your information. We act as a trusted third party expert, helping ensure you can access and use your data with total confidence.

Our experienced specialist team will enable you to:

  • Comply with current legislation and codes of practice
  • Build the right skill sets, culture and conditions for good data governance
  • Successfully project manage and map your data governance
  • Avoid pitfalls and overcome roadblocks in data governance initiatives
  • Benefit from best practice advice and support in information handling

We also offer the following services:

  • Data Protection Act 2018 (GDPR) compliance.
  • On-line Training modules made available to our clients.
  • Information governance training materials validation.

In response to data breach incidents our Cyber and Digital Forensics experts are also available to assist with the provision of wider assurance over your ICT services or recovery of data should the need arise.

Please contact us for more information or to discuss how TIAA can benefit your organisation.

who we help

We offer bespoke business assurance services tailored for each industry and sector


At the heart of effective Housing Associations are data collection systems that provide information to support decision making on stock condition, rents, loans, tenant services, health and safety and achievement of consumer standards. Some of this information may be highly sensitive personal information relating to safeguarding individuals. Compliance with the Data Protection Act to ensure the security, data integrity, and availability of these systems is paramount. An increase in remote working has added to the cyber security risks associated with critical information assets. In an attempt to exploit changes in the way of working, ransomware, malware and phishing attacks are increasing. Many Housing Associations use Cloud IT service providers, and may have limited in-house IT capability or capacity. Cloud services are experiencing an increase in attacks such as account hijacking and impersonation.

In order to provide assurance on the management of these risks we can provide focussed reviews in specific areas such as:

  • Software Application Control Reviews of your data collection systems
  • Data Analytics reviews to examine data integrity and quality
  • Cyber Security reviews and vulnerability scanning of your technology assets and infrastructure (including cloud services)
  • Data Protection Compliance Audits.


Digital Technology underpins the delivery of the National Health Service Long-Term Plan. An effective healthcare system will increasingly require a more joined-up and co-ordinated approach; increased agility in providing proactive services; and improving population health. Alongside redesign of provider healthcare provision and improvements in out-of-hospital care, digitally enabled primary and outpatient care will enable a more effective approach to the delivery of services. Clinical Safety and Healthcare data are probably two of the most sensitive aspects associated with improving patient care, wellbeing and personal data privacy for patients. Healthcare holds vast amounts of data on the population, and many of the patient services it offers are dependent on the safe, controlled sharing between services and IT applications. Cyber security remains a significant risk to NHS organisations where successful attacks could potentially lead to disruption of services, or loss of or tampering with data that may lead to patient harm.

In order to provide assurance on the management of these risks we can provide focussed reviews in specific areas such as:

  • Digital Programme and Project assurance reviews aligned to your objectives
  • Patient Software Application Reviews of your patient data collection systems that take into consideration clinical safety
  • In depth Cyber Security reviews and vulnerability scanning of your technology assets (including medical devices) and infrastructure
  • Focussed Information Governance review to provide independent assurance toward achievement of the requirements of the NHS Data Security and Protection Toolkit.

Higher Education


The Education sector has faced unique challenges and technology risks. The sector has needed to show agility in its strategic response to recent events by embracing on-line learning for students as well as ensuring that the workforce can safely deliver these services remotely. Significant risks to cyber security have crystallised across the sector with some providers of cloud services and their education customers subject to data breaches and disruption of payment services. A traditional open access approach to IT security, commensurate with academic need, needs to be balanced with effective security solutions to protect educational institutions, intellectual property and students. In addition, each year the sector has a fresh set of students who will all need to learn and adopt IT security measures. The IT estate of devices is also challenging, as users tend to have their own device, which cannot be forced to be secure or compliant with best practices.

In order to provide assurance on the management of these risks we can provide focussed reviews in specific areas such as:

  • In depth Cyber Security reviews of your corporate and academic network design supported with vulnerability scanning of your technology infrastructure
  • Targeted assurance reviews of on-line cloud learning platforms and Student Information Systems
  • Technical assurance reviews of remote working solutions
  • Reviews of digital strategy re-alignment.


Charities face unprecedented times with funding pressures and increased service demand. In response, a strong presence is required in the digital marketplace to support fund raising and provision of charitable services. Databases of donors need to meet legislative requirements for Data Protection. Recent high-profile attacks, such as the Blackbaud platform hack, have caused a substantial increase in risk to Charities who are largely dependent on cloud-provisioned services for all aspects of IT and administration. Charities may suffer irreversible damage to their reputation, and subsequently their income, if a cyber-attack results in a breach of personal data of those donating.

In order to provide assurance on the management of these risks we can provide focussed reviews in specific areas such as:

  • Digital Strategy reviews
  • Cyber Security reviews of your digital infrastructure
  • Targeted assurance reviews of fund raising apps
  • Reviews of Data Protection Compliance.


Digital trends indicate that local government is increasingly looking at off-premise digital infrastructure solutions to support economies in the delivery of its services. The increase in remote working is also driving a digital transformation toward cloud-based applications. The Public sector has been struggling with significant reductions in income, and an expectation of delivering the same services with less resource. As a result there may be inadequate investment in IT, leading to the potential for technical debt. This may manifest in a reduction in the availability or functionality of key IT systems. Poorly specified IT can also lead to cyber security breaches, poor user experience or inefficient business processes, e.g. lack of system interoperability due to the perpetuation of an unsupported version. The closer working between social care and healthcare services requires consideration of integrated solutions to improve public health, whilst ensuring mitigation of the Data Protection risks associated with information sharing and safeguarding the vulnerable.

In order to provide assurance on the management of these risks we can provide focussed reviews in specific areas such as:

  • Reviews of Digital Infrastructure solutions and shared IT services
  • Cyber Security reviews
  • Technical assurance reviews of remote working solutions
  • Targeted assurance reviews of software applications used to support service delivery
  • Reviews of Data Protection Compliance.


We also offer services to other sectors, including Credit Unions and Private and Commercial organisations.  Please get in touch if you would like to find out more about these services.
