IS Audit

More and more organizations across the world are concerned with their investments in IT versus the derived and perceived benefits. IT-enabled business, in the true sense, seems a distant dream. Begin with the IT/IS Audit to know your score.

We review the complete IT infrastructure, networking, business applications, resource management, data security and controls. The primary focus of this audit is to protect the information assets in line with business risks. The audit is conducted with the help of comprehensive audit checklists and the necessary audit tools.

Deliverables – A report of findings on IT management, performance and availability. The report includes recommendations with solutions to be implemented.

Corporate Governance

IT Governance is about best practices of procedures, controls and timely remedial measures. It is an assurance that the information assets upon which enterprises base their mission-critical decisions are reliable, confidential, secure and available when needed.

IT Governance → Good Internal Controls → Corporate Governance

Good internal controls are a result of IT Governance initiatives, which lead to Corporate Governance. Investing in firewalls, IDS, UTM and other security devices alone is not the solution.

Through IT Governance, we mentor and monitor the enterprise’s IT on a religious basis to ensure IT is aligned to business. Risk identification, analysis, management and mitigation are embedded in internal and IT controls to achieve governance. We can guide the IT Governance initiative in line with the Sarbanes-Oxley Act 2002 (SOX 404), USA and Clause 49, SEBI, India.

Working together, we can implement -

  • Risk analysis and rating matrix
  • Alignment of IT to business
  • CobiT – Comprehensive framework for IT governance
  • COSO – The Corporate Governance model

Expenses and Cost Management

Though a subset of corporate governance, our focus here is to review IT spend and suggest ways of cutting it without any compromise on organizational efficiency. Today’s IT entails huge investments in servers, network infrastructure, business applications and tools. We recognize that investment in IT is mandatory for the success of the enterprise. Let’s not forget that technology is far more capable today than ever before and “More for Less” is an achievable opportunity. Our reviews evaluate –

  • Cost benefit analysis (CBA)
  • Recurring expenses
  • Savings through operational efficiency
  • Shared service implementation

Network Security

As per Gartner, the net worth of any organization is primarily based on intangibles such as information assets (data). Data protection is therefore the key to success and survival. Security is inherently weak in the absence of a constant watch on data movement from within or from outside the enterprise.

We can help organizations plug security holes through –

  • Network Vulnerability assessment
  • Penetration testing and security devices assessment
  • Implementation of security best practices across SSO, storage repositories, applications and networks
  • Audit trails and analysis

ISO 27001

Have you ensured your information is protected by internationally recognised quality controls? This widely adopted standard is an excellent framework to develop or enhance an organisation’s security. ISO27001 provides a proven method to identify, manage and reduce the range of threats to which information may be subjected. Our qualified consultant can be utilized for –

  • ISO27001 implementation support
  • ISO27001 pre audits
  • ISO27001 training

Business Continuity Planning / Disaster recovery Planning

A much talked-about and hyped concept, BCP / DRP is made out to be a major investment initiative to prepare and plan for the most unwanted, untoward incidents and disruptions to business.

While it is essential to work towards a comprehensive BCP, it is necessary to remain practical. We guide you in implementing the most suitable plans, subject to business risks and the probability of occurrence of disasters. Utilize our services to –

  • Plan, design, test and implement the BCP / DRP
  • Review and audit the implemented BCP
  • Review of business impact analysis (BIA)
  • Disaster Recovery readiness audit

ERP / Business Application Review

A CFO of a large multinational enterprise: “My managers do not use ERP for decision making!”
Business applications are direct catalysts for organizations to remain on the growth path. Applications may be successful, yet not deliver the expected (ROI, ROA) values.
We review the application adequacy by –

  • Access and authorization controls
  • User satisfaction analysis
  • Functional mapping analysis
  • Application performance and utilization
  • Vendor / third party assessment

Software Development Process Review

Whether you develop software for global customers or for in-house customers, addressing concerns related to successful acceptance is the key to success. Software projects are inherently prone to resource, time, cost, technical, functional and operational risks. A best practice is to involve a qualified IS auditor to recommend checks and controls right from the start, to ensure the project is moving towards its desired goals.
Our team is technically qualified to service you on -

  • Project risks analysis (Across all SDLC Phases)
  • Assistance in system, database design to include controls
  • Utilization and acceptance
  • Change management best practices

Secure Product Assurance

Vendors should satisfy the customer that their software manages data securely throughout its life cycle: during input, processing and transit between global locations and across a multitude of servers. We can assess your product and solutions –

  • Adequacy of access controls
  • Front and backend data storage mechanisms
  • Encryption of confidential data
  • BCP and consistency of data checks

Data / Fraud Investigation

The finance, insurance and banking sectors are faced with the dilemma of ensuring that their data contains only authorized transactions. The worldwide increase in white-collar crime forces organizations to investigate their transactions, approvals and automated processes. For companies faced with such risks, data analysis cannot be ignored, whether as part of regular IS Audits or concurrent auditing.

Our data investigation services include –

  • CAAT (Computer Assisted Audit Tools) approach using IDEA, ACL
  • Identification of missing controls in processes and systems

Training

Awareness of the risks and controls resulting from IT, and of their implications, will make the difference for the organization's sustainability. While it is always possible to employ the most suitable manpower, the existing team must upgrade its skills to support and align with business strategy. Untrained manpower may be the weakest link. CIOs must embed themselves in the business to truly align IT with it. Management and directors will need to understand technology and related issues.

We have conducted workshops in Singapore, Malaysia and India on IT Governance topics. Our people are on the list of approved faculty for ISACA, ICAI and iCISA (Govt of India). We invite you to discuss your training requirements -

  • ISO 27001
  • CISA / CISM
  • IT Risks and Management
  • IS Audit & Controls
  • Security policy implementation
  • BCP & DRP
  • CAAT Tools (ACL / IDEA)
  • Custom Requirements