Risk assurance

Information security/Cybersecurity & IT risk

By analysing enterprise IT threats and risks through governance, compliance, and identification, while also providing a range of solutions relating to the protection of sensitive personal information is critical in today’s environment.

We help clients understand the frameworks around IT risk, security and data privacy; to enhance an organisation’s ability to safeguard sensitive data. In our recommendations we provide risk reduction strategies for cloud computing, mobile devices, and social media. We assess exposure by performing Attack & Penetration and Security Diagnostic assessments, and we also provide specialised technical expertise to augment Internal Audit teams, and support investigations and responses to security incidents.

Enterprise systems risk and controls

We help clients optimally leverage ERP technologies, and their investments in SAP and Oracle solutions by conducting assessments to help manage risks associated with business processes, security, and compliance.  Additionally, we conduct a  holistic assessment of risks that could compromise achievement of an IT project’s desired business and/or control outcomes.

We assess the integration of controls and security during ERP transformation projects to thoroughly enable ERP automation; assess controls optimisation in existing ERP solutions to reduce costs and manual activities; and assess/recommend solutions for ERP application security and controls – including SAP and Oracle security assessments. We enable early identification of key risks and issues to help avoid costly rework or delays. We provide an objective and transparent perspective of risks and realisation of business benefits, and alignment of project scope with business objectives with stakeholder expectations.

Third party risk assurance and reports over controls and beyond

Through the use of attestation reports (SOC 1, SOC 2, SOC 3, SSAE 16, Agreed Upon Procedures, etc.), we providing transparency to companies over their clients’ outsourced functions/processes that impact their clients’ financial transactions or operational and compliance areas of focus such as security, availability, and Privacy.

We provide assurance/comfort to clients of service organisations utilising attestation reports, and we help reduce the need for client audits and on-site visits. We build trust and drive competitive advantage through transparent controls reporting, and enable compliance with certain contractual commitments and regulatory requirements. 

Enterprise-wide risk management services

Risk management assessments and implementation assistance

We help clients assess and develop customised frameworks based upon the clients’ unique risk profile and needs, and helping them to efficiently execute their risk management programme. We perform a thorough understanding of enterprise-wide risk profiles; and alignment of risk programmes, metrics, and functions with corporate strategy. We provide a consistent approach to identifying, analysing, and responding to risk; and we transfer of risk management knowledge to clients’ personnel.

Risk assessment (enterprise, business unit, emerging)

We assist clients with their approach, planning, and execution of the risk assessment process. This is performed at the enterprise level, business unit level, and/or focused on emerging risks, for internal audit planning or over strategic business risk identification and mitigation.

Business continuity management (“BCM”) programme assessment

We conduct assessments of the relevant elements of our clients’ business continuity management programme and provide recommendations to strengthen same. We provide pragmatic, actionable, and risk-ranked improvement items and implementation road maps which enhance the client’s business continuity and IT disaster recovery programmes. We support the implementation of BCM, and ensure knowledge transfer and increased confidence of client staff in the performance of BCM activities.

BCM Programme implementation assistance, testing, and maintenance

We develop and facilitate business continuity plans that are aligned with relevant risk. Sustainable business continuity programmes are created and maintained, and are aligned with continuity and crisis management exercises to assess crisis event preparedness. We impart the right knowledge upon business continuity plan owners and those responsible for the program’s maintenance to increase awareness and familiarity with their roles and responsibilities.

Disaster recovery planning

We assist IT with the development of disaster recovery plans surrounding restoring critical IT services, infrastructure and applications. We align the IT disaster recovery program with the organization's requirements for technology resiliency, recoverability, and overall business continuity management. 

Fraud risk mitigation

Fraud risk & controls assessments

We perform fraud risk assessments to identify vulnerability to fraud and perform fraud audits in high risk areas to help detect fraud early. We provide advice on the prevention of fraud and appropriate fraud response measures, to assist with the proactive strengthening of controls to detection of fraud before it becomes a major problem.

We also conduct training workshops on accountability and governance, risk management and fraud awareness.

Regulatory compliance and anti-money laundering

Regulatory compliance assessment

We perform assessments of an entity’s compliance with relevant regulations, particularly in the financial services sector, and provide recommendations for improvement in regulatory compliance procedures and controls.

Corporate compliance program build

We assist clients with the evaluation and build out of their corporate compliance programmes; and we test a new or improved compliance function and support the control environment.

We can also help clients develop policies, guidelines, handbooks, and supporting tools towards strengthening their regulatory environment.