Application Integrity & Assurance (Program Assurance)

Application Control Assurance

In this service area we examine client’s software applications to identify any anomalies, process inadequacies and control weaknesses that encourage defects in the system. These reviews are conducted to determine application performance with regard to functionality, security and controls.

Pre-Implementation Review

Pre-implementation application review includes review of Project Management, Process Integrity, Application Security, Infrastructure / Production Environment, Data Conversion, Privacy, Testing, Transition Strategy, Support Strategies. Such reviews will assist clients during new application development and/or implementation in an effective and efficient manner.

Download Brochure
Information Risk Services
Information Risk Services

Post Implementation Review

Post-implementation review (PIR) coverage mainly includes a review of the extent to which the objectives behind implementation of a system have been achieved. This includes a post-review of various aspects of the project, including:

  • Initial system objectives and functions
  • Project scheduling, planning and milestone management,
  • Procedures for key decision points,
  • Delivery of system functionality and implementation of security and controls in line with user requirements
  • Project Human Resources,
  • Integration with business functions,
  • Program Office, and
  • Compliance with leading practice.


PIR will be performed after the project is completed and preferably the application should have been running for a few months for it to be examined.

We further add value to our service through a process of Application Process Improvement Recommendation to support IT environment in developing higher quality systems with improved efficiency in a more cost-effective manner.

Application Technical & User Documentation

As client IT departments sometime cannot spare time to complete the documentation, we provide assistance in putting these together.

Technical documentation includes documentation of application software based on the standards and globally recognized best practices for Software Development Life Cycle

User Documentation providing detailed descriptions of each feature of the program, and the various steps required to invoke it.

Environment Sizing

When IT resources are well aligned with business plan they can support business functions effectively. Excess or shortage of IT resources can result in complexities and inefficiencies. Our IRS team performs the review of existing IT infrastructure along with detailed understanding of current scenario (including transaction sizing) through discussions with the client to determine and forecast the optimal future IT infrastructure needs.

Cost Benefit Analysis of Projects/Technology

We aim to provide a framework for decision making by understanding the business and aligning the best/profitable option with business needs. We will perform a review of the development and implementation costs of the new project/technology so that such costs can be compared to the benefits associated with the new project/technology.

Enterprise Information Risk Assessment

Our risk assessment framework is a business process focused which aims to provide clients with strategies to mitigate risks associated with information assets with regard to availability, confidentiality, integrity, effectiveness and efficiency. Together with management, we will assess the potential risks to these requirements and their impact on key information processes and information resources to adequately develop a plan to mitigate or monitor risk elements.

IT Operating/Desk Manuals

We design customized operating/desk manuals keeping in mind client specifications and industry best practices to assist clients in acquiring transparency, uniformity and ease of operations with respect to IT functions. Manuals designed by us, enable users to grasp clear understanding of the IT operations and act as a solution provider for any minor/ routine problems which may occur on a regular basis.

Information System Audits

We carry out IS Audits to collect and evaluate evidences within an entity to determine whether the information systems and related resources adequately safeguard assets, maintain data and system integrity, provide relevant and reliable information, achieve organizational goals effectively, consume resources efficiently, and have in effect internal controls that provide reasonable assurance that business, operational and control objectives will be met and that undesired events will be prevented, or detected, or corrected, in a timely manner.

Escrow Agents

For a licensor, escrow is a necessary part of the business requested by licensees for their own assurance with regard to resolution of any future need that may arise from the implemented software.

For a licensee, purchasing applications which are to be used for a long period and involve high usage of information assets, escrow will provide the necessary assurance.

We act as a custodian of intellectual IT property that is safe keeping of source codes, web site or database content, support documentation etc.

IS Due Diligence

We conduct Information System due diligence for clients, interested in mergers and acquisition, to evaluate worth of a certain IS infrastructure forming part of the pre-acquisition/pre-merger phase. Similarly, by evaluating the technological function during the post merger phase, we shall identify operational and strategic risks associated with the investment so that IT function of the acquired company can be relied on to meet client company’s business objectives.

IT dimensions of Basel II

We provide a framework for implementing a formal, standardized set of IT controls under Basel II which will be applied in financial services organizations. The outline of the framework will mainly provide the links between operational risk and IT risk, and an approach for managing information risk.

Our framework will support the client through Basel II compliance by providing assistance in:

  • IT Governance
  • Strategic business and IT alignment
  • IT risk management
  • IT performance Management
  • Stronger IT control frameworks
  • Resource Management
  • Value delivery & evaluation framework
Copyright © 2009 - 2010 SHMA Worldwide - All Rights Reserved.
  • information Risk Services