What does an IT audit cost? Price indication and factors


Kees van der Vlies

Partner | IT Auditor

One of the most frequently asked questions we receive is: what does an IT audit cost? The honest answer is that this depends heavily on the type of audit, the size of your organisation and the complexity of your IT environment.

For a SOC 2 Type I report you can expect an investment starting at around fifteen thousand euros for a simple SaaS environment with limited scope. A SOC 2 Type II report is more extensive because of the longer observation period and typically comes out higher. ISAE 3402 reports are in a comparable range.

DigiD assessments are usually more compact in scope and therefore more limited in cost. The exact investment depends on the number of DigiD connections and the complexity of the underlying infrastructure.

Factors that influence the price include the number of systems in scope, the number of locations, the presence of subservice organisations, the maturity of existing controls and documentation, and whether it is a first audit or a repeat.

For repeat audits the costs are generally lower. The auditor already knows the environment, documentation is in order, and the test programme can be carried out more efficiently. First audits require more effort because of the initial familiarisation and scope definition.

A common mistake is to look only at the audit costs. Also budget for the internal hours needed to supply evidence, answer questions and implement any improvements. A good auditor helps you organise this process efficiently.

At Secure Audit we work with transparent, agreed prices set in advance. No surprises afterwards. Get in touch for a tailored quote.
