Information Technology Risk Assurance

Accurate information is essential in any business.

Our team of professionals help organisations address the challenges and opportunities of managing IT risks in a way that is in line with your business strategy by:

Advising clients on the effectiveness of their system controls over financial information systems – and help relieve them of their concerns when it comes to financial reporting;
Evaluating clients’ compliance with the relevant security and control policies, procedures and international best practices;
Helping clients identify, implement, enhance the IT risk management capability, together with design, implement IT risk control solutions that protect their information assets and reduce their compliance cost.

How we can help

Regulation compliance check

We help you effectively manage compliance with organizational policies and regulatory requirements for each industry-specific, such as:

Banking and finance: Circulars prescribe information system security in banking operations
Securities: Circulars provide guidelines for e-transactions on securities market and standards for technical facilities of information technology systems providing online stock trading services.
Insurance: Circulars provide risk management framework, internal control and internal audit of insurance companies, reinsurance companies, branches of foreign non-life insurance companies and branches of foreign reinsurance companies

IT risk resilience

We give you the confidence to take IT risks and better respond to digital disruption or threats and IT governance changes:

Identify a complete set of IT risks portfolio cover all subjects in IT operation such as: human resources, process, technology
Perform overall assessment of the current state for the IT operation and IT risk management
Design an appropriate IT governance and risk management framework to better manage these risks
Organize training, transfer knowledge and improve capacity to identify and manage IT risks

Risk management tool

We support clients to pilot implementation some critical parts in IT risk management framework, such as:

Comprehensive regulations, standards, guidance needed
Develop risk appetite for all categories of risk and in quantifying the risk appetite thresholds. We then help organisations monitor the movement of risks identified through developing KRIs.
Templates to monitor IT risks

Recovery and Resolution planning

Provision of technical advice: We can provide you with advice on the detailed implementation requirements of the critical areas within your recovery plan. For example, conducting a strategic analysis assessment of the group or integration of recovery indicators with your current risk appetite
Draft recovery plan: We will work with key stakeholders, obtain required information and assist in conceptualising your recovery plan. We will then assist in drafting and putting together the full submission required for the recovery plan
Indepedent review of existing recovery plan on methodology, data and process.
Training on technical requirements of the required content in the recovery plan and detailed explanations on the template requirements.

External IT Audit and Outsource Internal IT Audit

Build trust and enhance confidence in the reliability of your IT controls and automated processes:
Perform risk assessment over operating process related to IT systems to identify high risk areas
Identify and validate key controls, imcluding automated controls and IT-dependent controls to meet the control's objectives, as well as any regulatory and compliance requirements
Benchmark the internal control operations against standards such as COBIT, ISO 27001
Provide technology as well as data-driven solutions to deliver more effective and comprehensive coverage thus higher assurance
Build and mature the capabilities of your internal lines of defence to effectively audit your IT controls and processes.

Staff secondment for Internal Audit

We can to help you build your IT Internal Audit capacity with experienced and skilled IT Internal Audit practitioners for an agreed period of time, leveraging on our industry experience and knowledge.

IT audit capability enhancement and training

We can help you to:

Set up an IT internal audit function or advise on internal audit transformation
Develop and enhance your IT internal audit maturity assessment
Develop a framework and relevant IT internal audit methodology to help you evaluate the impact of your internal audit function on the business and the value-added insights you can provide to your organisation
Assist in Internal IT Audit capability building by providing tailored trainings across levels i.e. beginner, intermediate and advanced levels, both including classroom and on-the-job training
Conduct training courses tailored to the needs of your internal audit function

Independent Third party/ vendor assessment

We support clients to identify possible security risks associated with the vendors and how these pitfalls can be mitigated, such as:

Data/privacy risk: Determine whether the vendor will handle or store critical information like customer, donor, or employee information.
Regulatory and compliance risk: Ensure that the vendor complies with regulatory requirements and your organization’s regulations
Operational risk: Review outsourcing arrangements and third parties using established frameworks, such as System and Organisation Controls 2 (SOC2) Trust Service Criteria to ensure compliance to service level agreements (SLA), contractual obligations and requirements.