- Assessment and validation of the internal control system design and effectiveness aimed at safeguarding information systems.
- Detection and assessment of the risks deriving from internal control deficiencies of the main IT processes.
- Gap analysis with reference to the international Best Practices (COBIT and ITIL).
- Definition of recommendations and corrective actions to achieve a level of internal control appropriate for the customer’s needs, including production of the “Internal Control Plan”.
- Assessment and setting of the automated “configurable” controls of the main ERP applications (e.g. SAP).
- Support for the collection, evaluation, design, drafting and testing of business requirements of the main ERP applications, in line with main internal control frameworks and best practices.
- Mapping of the IT assets supporting business processes.
- Assessment of threats and vulnerabilities associated with IT assets.
- Assessment of the “Risk Measure” associated with the business impacts.
- Gap analysis related to the existing security measures.
- Development of the “Strategic Information Security Plan”.
- Implementation of “Enterprise Risk Management” models and procedures.
- Mapping of both business and information technology processes for the identification of critical activities.
- Execution of self-assessments with the process owners, aimed at identifying and assessing risks and control activities.
- Detection of deficiencies in the internal control system and identification of the related corrective actions.
- Design and implementation of the “Audit Plan” aimed at testing controls deemed effective.
- Preparation, according to explicit and shared criteria, of the “Action Plan” pointing out the recommendations related to the gaps identified.
- Implementation of fraud risk management models.
- Identification of the processes (Business, Finance and IT) subject to regulation, assessment of non-compliance risks and analysis of the internal control system.
- Gap analysis with reference to the control framework requested by the regulations.
- Test on detected (existing) controls and implementation of the related Remediation Plan.
- Remediation Plan effectiveness follow-up.
- Implementation of a monitoring and reporting system supporting top management’s decisions.
- Fraud Auditing activities.
- Audit and implementation of both procedural and IT Segregation of Duties (SOD) models.
Under EU Regulation 2016/679 (General Data Protection Regulation), we are able to offer consultancy and technological support:
- DPO support activities (co-sourcing of the DPO function).
- Audit on the privacy management system pursuant to EU Regulation 2016/679.
- Software Solutions – GDPR Platform.
Under the Law 262/05 and Sarbanes-Oxley Act regulations, we are able to offer the following consultancy support:
- Design and implementation of compliance models and procedures (mapping of Business and IT processes, design of key controls, production of narratives, flowcharts and RACI matrices, drafting of “Test of Design” and “Test of Effectiveness” plans).
- Execution of controls testing activities.
- Audit and Gap Analysis of the existing compliance model.
- Identification and establishment of methodological and organizational frameworks for business continuity management.
- Drafting of Business Impact Analysis (BIA) for crisis scenarios related to critical business processes.
- Implementation of the complete set of policies and procedures necessary to ensure business continuity, including operating procedures and the “Control Plan” to assess the effectiveness of technical and organizational measures.
- Audit on the effectiveness of business continuity plans.
We provide customized courses on the following topics in response to our customers’ needs:
- COBIT™ 5/2019 Foundation.
- ISO 27001 Lead Auditor.
- ISO 22301 Lead Auditor.
- Main international IT Service Management frameworks.
- Main international project management frameworks.
- Information Security & Privacy Awareness.