Consult Services
Governance Controls

Today, many of the administrative systems are developed and implemented in and around ERP platforms which means that the IT department is a very central and important player in the internal control process and thus also in the 'Governance process'.

Consequently, it is very important that the management implements neutral risk analyses which map any risk area in which the control is not in compliance with the company’s indicated control targets.

Output From The Analysis

The management will receive an overall report which focuses on the processes and routines for which the control and security must be updated in order to be in balance with the IT Governance Process.

More specifically, the report will map the areas or procedures in which persons in charge of IT and other interested parties must update the control and security in order to be in compliance with the ‘minimum demands’ which are required for professional IT services.

We recommend a practical solution for the processes or routines for which control and security must be improved.

  • The report contains a special section which maps the routines or procedures which must be implemented or updated so the ‘control and security environment’ can take into account the future demands to the external audit process.
  • Our analyses have been prepared on the basis of the ISO2700x and Cobit  concepts which are both globally accepted standards.
Our Group Offers To Prepare The 3 Following Analyses Covering

The general Information Security in and around the IT functions both central and decentralized

Risk Analysis covering control and security in selected critical business systems and  mapping of quality of  the existing Business Continuity Plans.

Disaster recovery  analyses and verification recovery test

Our analysis will comprise the below 7 domains. For every domain, we have defined specific control targets, which shall and must be incorporated into the organization to ensure balance with ITGovernance.

Analyses are targeted at critical business systems and our analysis model covers the ‘full pallet’ for modern value adding control and security as well as to ensure a ‘continued stable operation’.

In specific areas e.g. ‘disaster recovery test’ our report will contain a ‘road map’ with emphasis on routines and procedures which should be incorporated into the physical implementation of a disaster recovery test from the planning stage to the implementation itself and to the ‘sign off’ procedure for all interested parties

Our output report include
Our output report include
Our output report include
  • Assets management
  • Human ressource
  • Physical and Environmental
  • Operations management
  • Access controls
  • System development and maintenance
  • Business Continuity Management
  • Maps the quality of the existing control
  • Maps the risks . Contains a practical solution in the areas and procedures in which the control should be improved to reduce the risk
  • Assess Service Level Agreements
  • Documentation Level of Recovery
  • Frequency performances
  • Segregation of Duties
  • Readyness