Information Systems Assurance

Recently, the world of risk has evolved, becoming more volatile, and with fast-changing technology many organizations are being left increasingly vulnerable. It is much harder to predict where new risks will come from. We advise our clients on the need to be aware of their information risks, how these risks could affect their business goals, and how to develop the agility to deal with new threats as they arise.

Among the information protection services we provide are:

  1. Information Technology Audits
    In an age where companies across markets and industries depend heavily on technology to operate successfully, we play an increasingly important role in helping companies manage and respond to risks, thus creating optimal control environments that drive profitability. We engage throughout all components and phases of the audit, from strategic analysis to risk assessment to planning, execution and reporting, and help our clients understand IT risks and the impact these risks can have on their business.
  2. Cyber Security
    Cyber-attacks and data leakage are threats to organizations globally. We help organizations apply appropriate information security measures by providing ongoing confidentiality, integrity, availability, and protection of their information assets. This is achieved by working with our clients to comprehensively evaluate and optimize the following elements of cyber security:
    – Application security
    – Infrastructure security (network, databases, operating systems)
    – Security awareness
    – Network security
    – Resilience
    Some of the services we offer under cyber security include:
    a. Security Policy Formulation
    We assist organizations in the development of their security policies and accompanying standards, procedures and guidelines. Our work is benchmarked against leading frameworks and standards such as the ISO 27000 series, NIST, COBIT and PCI DSS.
    b. Vulnerability Assessments
    Vulnerability Assessment is a service where, together with our client, we define, identify, and classify the security holes (vulnerabilities) in a computing environment, network, or communications infrastructure. This analysis will forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use.
    c. Penetration Testing Reviews
    We assist the client in determining security weaknesses of their information technology infrastructure by testing the computing environment, network and web applications to find vulnerabilities that an attacker could exploit. The process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
    d. Managed Security Service
    We offer managed security services where we proactively review the client’s audit logs and monitoring system event reports and provide reports on anomalies on a near real time basis. Quarterly trends are also issued to guide management on various cyber security decisions that may need to be taken to secure the information assets.
  3. Systems Implementation Assurance
    The success, reputation and value of a company can be positively influenced by the consistent achievement of system implementation objectives and outcomes. In an environment where accountability for success is heightened, requirements are more complex and regulatory pressures are escalating, achieving system implementation outcomes and satisfying stakeholders has become increasingly important and challenging.
    Our systems implementation assurance services are tailored to meet the unique risks of the client’s project and may include one or more of the following types of reviews:
    Project Risk Assessment: completion of a risk assessment at any phase of the project to identify key project risks and areas for management focus;
    Pre-Implementation Review: the review of the resources, project plans, timelines, controls design, blueprints and implementation plans, and data conversion techniques prior to the implementation activities to provide comfort around the project prior to commencement;
    Milestone Reviews: the review of the system implementation from a compliance standpoint (accounting, tax and legal requirements); the functionality analysis against blueprint assumptions; the health check of the parameters relating to security and segregation of duties; the review of the configuration of key automated procedures and controls within the business processes; independent testing of data migration for its completeness and accuracy;
    Go-Live Assessment: the performance of a health check (pre go-live) to determine whether project plans, testing and other key implementation project activities, including system security and compliance with laws and regulations, have been successfully completed prior to cutting over to the new system;
    Post-Implementation Review: review and verification that the planned outcomes defined in the earlier stages of the project are in place and operating, and that intended project, control and business benefits have been realized.
  4. IT Risk Consulting
    Risk Consulting helps management make well-informed decisions. Amid an evolving regulatory environment and increased oversight pressures, there is increased focus to manage risks while balancing revenue growth and expenses. Managing IT risk and compliance has become even more critical, as IT failures can lead to reputational damage, customer and market valuation loss, and an increase in privacy issues and high-profile legal exposure. In this environment, enhancing IT controls is crucial to help ensure businesses are managed and controlled appropriately, and are functioning reliably.
    We help clients assess, manage, and remediate IT-related risk to drive sustainable business value. We accomplish this by helping organizations demonstrate effective IT compliance through governance and controls, data integrity, security and privacy.
    Some of the services we offer under IT Risk Consulting include:

a. Enterprise Risk Assessments
b. Regulatory Compliance Reviews
c. Business Continuity Reviews
d. Data Quality and Analytics Services