Controlling Technology & Process Risk
The scale of investment in technology and business systems in support of an organisation's core processes is significant and continues to grow. The extent of reliance placed on these systems and the capacity for influencing the integrity of a process results in significant scrutiny by executive management and assurance providers.
There are two major drivers for an organisation to identify process and technology risks and to leverage automated controls for mitigation:
- An assurance, audit or regulatory objective.
- An improvement agenda driven by the IT organisation through adoption of frameworks such as CoBIT® and ITIL®.
In achieving these objectives we typically help organisations plan and execute reviews such as:
- Risk and control reviews of core business processes as supported by major business systems
- IT general controls assessments
- Disaster recovery & business continuity assessments
- Data migration and reconciliation efforts
- Application level user security
Beyond simple execution of these risk and control programmes we extend our service for organisations seeking to improve outcomes beyond an annual review and reporting exercise.
We do this by keeping in mind:
- Assurance providers will leverage automated controls extensively if the relationship between controls and their (financial statement) objectives can be clearly demonstrated.
- Improvements to IT controls including IT general controls should be framed in the context of the IT organisations improvement agenda such as the pursuit of ITIL®.
- Developing a risk and control framework encompassing permanent awareness of process risks and associated controls leads to sustainability, improved reporting and better risk management outcomes.
- Working through the overlaps in mandatory compliance and regulatory requirements (e.g., Sarbanes Oxley, Financial Statement Audit, and Internal Audit) and leveraging more of the automated controls already available in your environment.
Our experience in this area is extensive. We have credible insights and proven approaches to delivering outcomes in this area.