Today, many administrative systems are developed and implemented in and around ERP platforms, which means that the IT department is a central and important player in the internal control process and thus also in the 'Governance process'.
Consequently, it is very important that management implements neutral risk analyses which map every risk area in which the control is not in compliance with the company’s stated control targets.
Management will receive an overall report which focuses on the processes and routines for which the control and security must be updated in order to be aligned with the IT Governance process.
More specifically, the report will map the areas or procedures in which the persons in charge of IT and other interested parties must update the control and security in order to comply with the ‘minimum demands’ required for professional IT services.
We recommend a practical solution for each process or routine for which control and security must be improved.
- The report contains a special section which maps the routines or procedures that must be implemented or updated so that the ‘control and security environment’ can take into account the future demands of the external audit process.
- Our analyses have been prepared on the basis of the ISO 2700x and COBIT concepts, both of which are globally accepted standards.
- General information security in and around the IT functions, both central and decentralized.
- Risk analysis covering control and security in selected critical business systems, and mapping of the quality of the existing Business Continuity Plans.
- Disaster recovery analyses and verification of the recovery test.
Our analysis will comprise the 7 domains below. For every domain, we have defined specific control targets which must be incorporated into the organization to ensure alignment with IT Governance.
Analyses are targeted at critical business systems, and our analysis model covers the ‘full palette’ of modern value-adding control and security, as well as ensuring ‘continued stable operation’.
In specific areas, e.g. ‘disaster recovery test’, our report will contain a ‘road map’ with emphasis on the routines and procedures which should be incorporated into the physical implementation of a disaster recovery test, from the planning stage through the implementation itself to the ‘sign off’ procedure for all interested parties.