INFORMATION SYSTEMS AUDITS

An IT audit is different from a financial statement audit. While a financial audit's purpose is to evaluate whether an organization is adhering to standard accounting practices, the purposes of an IT audit are to evaluate the system's internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight. Installing controls is necessary but not sufficient to provide adequate security. People responsible for security must consider whether the controls are installed as intended, whether they are effective, whether any breach in security has occurred and, if so, what actions can be taken to prevent future breaches. These inquiries must be answered by independent and unbiased observers. These observers are performing the task of information systems auditing. In an Information Systems (IS) environment, an audit is an examination of information systems, their inputs, outputs, and processing.

CORE BANKING SOFTWARE (CBS) CONSULTANCY

Isafe undertakes end-to-end consultancy to assist banks in acquisition, customization and implementation of CBS till go-live of the system. The contribution of Isafe can be in various phases of a CBS project such as preparation of requirement specifications, preparation of RFP documents, evaluation of CBS products, evaluation of data centre / DR site hardware and software, evaluation of networking and web connectivity solutions, evaluation of ATMs, customization of CBS products to the bank's needs, validations, controls and compliance, implementation of CBS solutions, installation of data centres / DR sites and ATMs, migration of legacy data to CBS applications, and advice on parallel run and go-live of CBS systems, ATMs and allied systems.

DATABASE MIGRATION AUDITS

Databases need to be migrated when principal business application systems of an organization, like ERP, CBS etc., are changed / upgraded. A migration audit verifies not just the authenticity of numbers during a migration, but also the evolution of the structures, parameters, masters etc., with an eye on what features are improved in the destination system as well as what features are planned to be retained from the legacy system. Migration tests are designed specifically for each assignment based on the database structures, automation and extent of migration.

ERP TECHNOFUNCTIONAL AUDITS

The ERP techno-functional audit of application software mainly covers the examination of adherence to business rules in the flow and accuracy in processing, validations of various data inputs, logical access control / authorization, security configurations and exception handling / logging, among other areas based on the client requirements.

ERP IMPLEMENTATION CONSULTANCY

ERP implementation consulting is an assignment covering end-to-end assistance to the client organization as well as external stakeholders like developers etc. The objectives are to incorporate organization-specific business processes, validations and controls in the ERP. Various phases in these projects are understanding of best practices and programming methodologies of various ERP offerings, evaluation of design and configuration needs, alignment of ERP design to the business objectives / policies / processes, risks and controls to mitigate them, managing the program during the entire development life cycle, monitoring milestones / resource management / overall value management and finally follow-up / handholding.

STATUTORY COMPLIANCE AUDITS (SARBANES OXLEY ACT, SSAE 16 ETC.)

Internal controls of an organization now need an unequivocal certification by key management personnel and auditors to the satisfaction of regulators and owning members of the public. We offer consultancy solutions which will include design and operational effectiveness assessments of internal control over financial reporting on behalf of management and appropriate documentation of the same.

IMPLEMENTATION OF ISO STANDARDS (ISO 27000, ISO 20000, ISO 22301)

International standards like ISO 9000 for Quality Management, ISO 27001 for Information Security Management, ISO 20000 for IT Service Management, and ISO 22301 for Business Continuity Management etc. can be implemented in organizations for excellence in service delivery, information security and for benchmarking the client organization with world-class organizations and their processes.

BUSINESS CONTINUITY AND DISASTER RECOVERY POLICIES

Business Continuity has assumed great significance in the current environment, whether commercial / business oriented or service oriented. The significance is due to increased reliance of businesses or services on external factors beyond their domain of control or understanding. To mention a few: high reliance on technology, outsourcing, diversifying, political factors, exponential growth, increased customer awareness, higher customer expectation, increased reach of a customer for information, increased regulations and the like; the list can go on. Business continuity standardization evolves with ISO 22301 by adding:

  • Greater emphasis on setting the objectives, monitoring performance and metrics;
  • Clearer expectations on management;
  • More careful planning for and preparing the resources needed for ensuring business continuity.

IMPLEMENTATION OF IT GOVERNANCE FRAMEWORK (COBIT 5)

COBIT 5 implementation in organizations will result in the following benefits.

  • COBIT 5 helps them get more value from both information and technology.
  • COBIT 5's globally accepted principles, practices, analytical tools and models are designed for business executives, not just IT leaders.
  • COBIT 5 helps them address the needs of stakeholders across the enterprise and clarify goals for more effective decision making.
  • COBIT 5 helps bring order to complex standards, regulations and frameworks.
  • COBIT 5 represents the collective wisdom of global experts.

IT ARCHITECTURE DESIGN, STUDY AND OPTIMIZATION, BUSINESS AND IT PROCESS REENGINEERING

Companies generally want to create / recreate IT architecture due to change of ERP, following mergers & acquisitions, expansion, diversification or new greenfield projects. An initiative of business / IT process reengineering is also undertaken with such initiatives. Process reengineering is also undertaken independently for bolstering internal controls, capability optimization and so on. Consulting assistance in these initiatives can fulfil the objectives more easily, economically and quickly.

RISK ASSESSMENT & ESTABLISHMENT OF A RISK MANAGEMENT PROCESS

Our risk assessment consulting, as well as assistance in total risk management solutions, takes the best practices from COSO, the enterprise risk management framework, the BASEL framework for banking organizations and the Risk IT framework for IT risk scenarios, as applicable and advantageous to client organizations. On top of risk assessment, design and implementation of controls, creating and maintaining risk indicators / control metrics and monitoring the risk management environment for efficacy and compliance are our speciality.

PREPARATION OF IT STRATEGY, POLICIES, PLANS AND PROCEDURES

Policies reflect an organization's logical progression from working in an ad-hoc manner to one where people are following common and consistent processes. A policy reflects an organization's desire for everyone to perform a specific function in a specific way. Policies help everyone understand how to do things, and they help managers understand the framework in which they can manage. Policies are developed, and they are important, for two main reasons: first, working more effectively under company best practices, and secondly, working more efficiently through process reuse. We have extensive experience in creating policies that will streamline your business processes, help business objectives and promote compliance.