| |
 |
 |
|
Application Integrity
& Assurance (Program Assurance)
Application Control Assurance
In this service area we examine client’s
software applications to identify any anomalies, process inadequacies
and control weaknesses that encourage defects in the system. These
reviews are conducted to determine application performance with
regard to functionality, security and controls.
Pre-Implementation Review
Pre-implementation application review includes
review of Project Management, Process Integrity, Application
Security, Infrastructure / Production Environment, Data Conversion,
Privacy, Testing, Transition Strategy, Support Strategies.
Such reviews will assist clients during new application development
and/or implementation in an effective and efficient manner.
Post Implementation Review
Post-implementation review (PIR) coverage
mainly includes a review of the extent to which the objectives behind
implementation of a system have been achieved. This includes a post-review
of various aspects of the project, including:
PIR will be performed after the project is completed
and preferably the application should have been running for a few
months for it to be examined.
We further add value to our service through a process of Application
Process Improvement Recommendation to support IT environment
in developing higher quality systems with improved efficiency in
a more cost-effective manner.
Application Technical
& User Documentation
As client IT departments sometime cannot spare
time to complete the documentation, we provide assistance in putting
these together.
Technical documentation
includes documentation of application software based on the standards
and globally recognized best practices for Software Development
Life Cycle
User Documentation
providing detailed descriptions of each feature of the program,
and the various steps required to invoke it.
Environment Sizing
When IT resources are well aligned with business
plan they can support business functions effectively. Excess or
shortage of IT resources can result in complexities and inefficiencies.
Our IRS team performs the review of existing IT infrastructure along
with detailed understanding of current scenario (including transaction
sizing) through discussions with the client to determine and forecast
the optimal future IT infrastructure needs.
Cost Benefit
Analysis of Projects/Technology
We aim to provide a framework for decision
making by understanding the business and aligning the best/profitable
option with business needs. We will perform a review of the development
and implementation costs of the new project/technology so that such
costs can be compared to the benefits associated with the new project/technology.
|
|
Enterprise Information
Risk Assessment
Our risk assessment framework is a business
process focused which aims to provide clients with strategies to
mitigate risks associated with information assets with regard to
availability, confidentiality, integrity, effectiveness and efficiency.
Together with management, we will assess the potential risks to
these requirements and their impact on key information processes
and information resources to adequately develop a plan to mitigate
or monitor risk elements.
IT Operating/Desk
Manuals
We design customized operating/desk manuals
keeping in mind client specifications and industry best practices
to assist clients in acquiring transparency, uniformity and ease
of operations with respect to IT functions. Manuals designed by
us, enable users to grasp clear understanding of the IT operations
and act as a solution provider for any minor/ routine problems
which may occur on a regular basis.
|
|
Information System
Audits
We carry out IS Audits to collect and evaluate
evidences within an entity to determine whether the information
systems and related resources adequately safeguard assets, maintain
data and system integrity, provide relevant and reliable information,
achieve organizational goals effectively, consume resources efficiently,
and have in effect internal controls that provide reasonable assurance
that business, operational and control objectives will be met and
that undesired events will be prevented, or detected, or corrected,
in a timely manner.
|
|
Escrow Agents
For a licensor, escrow is a necessary part
of the business requested by licensees for their own assurance
with regard to resolution of any future need that may arise from
the implemented software.
For a licensee, purchasing applications which are to be used for
a long period and involve high usage of information assets, escrow
will provide the necessary assurance.
We act as a custodian of intellectual IT property that is safe
keeping of source codes, web site or database content, support
documentation etc.
IS Due Diligence
We conduct Information System due diligence
for clients, interested in mergers and acquisition, to evaluate
worth of a certain IS infrastructure forming part of the pre-acquisition/pre-merger
phase. Similarly, by evaluating the technological function during
the post merger phase, we shall identify operational and strategic
risks associated with the investment so that IT function of
the acquired company can be relied on to meet client company’s
business objectives.
IT dimensions
of Basel II
We provide a framework for implementing
a formal, standardized set of IT controls under Basel II which
will be applied in financial services organizations. The outline
of the framework will mainly provide the links between operational
risk and IT risk, and an approach for managing information risk.
Our framework will support the client through Basel II compliance
by providing assistance in:
- IT Governance
- Strategic business and IT alignment
- IT risk management
- IT performance Management
- Stronger IT control frameworks
- Resource Management
- Value delivery & evaluation framework
|
|
| Information
Risk Services
|
|
 |
|
