Governance, Risk and Compliance Services
- Assessment and validation of the internal control system design and effectiveness aimed at safeguarding information systems.
- Detection and assessment of the risks deriving from internal control deficiencies of the main IT processes.
- Gap analysis with reference to the international Best Practices (COBIT and ITIL).
- Definition of recommendations and corrective actions to achieve a level of internal control appropriate for the customer’s needs, including production of the “Internal Control Plan”.
- Assessment and setting of the automated “configurable” controls of the main ERP applications (e.g. SAP).
- Support for the collection, evaluation, design, drafting and testing of business requirements of the main ERP applications, in line with main internal control frameworks and best practices.
- Mapping of the IT assets supporting business processes.
- Assessment of threats and vulnerabilities associated with IT assets.
- Assessment of the “Risk Measure” associated with the business impacts.
- Gap analysis related to the existing security measures.
- Development of the “Strategic Information Security Plan”.
- Implementation of “Enterprise Risk Management” models and procedures.
- Mapping of both business and information technology processes for the identification of critical activities.
- Execution of self-assessments with the process owners, aimed at identifying and assessing risks and control activities.
- Detection of deficiencies in the internal control system and identification of the related corrective actions.
- Design and implementation of the “Audit Plan” aimed at testing controls deemed effective.
- Preparation, according to explicit and shared criteria, of the “Action Plan” setting out the recommendations related to the gaps identified.
- Implementation of fraud risk management models.
- Identification of the processes (Business, Finance and IT) subject to regulation, assessment of non-compliance risks and analysis of the internal control system.
- Gap analysis with reference to the control framework requested by the regulations.
- Test on detected (existing) controls and implementation of the related Remediation Plan.
- Remediation Plan effectiveness follow-up.
- Implementation of a monitoring and reporting system supporting top management’s decisions.
- Fraud Auditing activities.
- Audit and implementation of both procedural and IT Segregation of Duties (SOD) models.
As part of EU Regulation 2016/679 (General Data Protection Regulation), we are able to offer consultancy and technological support:
- DPO support activities (co-sourcing of the DPO function).
- Audit on the privacy management system pursuant to EU Regulation 2016/679.
- Software Solutions – GDPR Platform.
Under the 262/05 and Sarbanes-Oxley Act regulations, we are able to offer the following consultancy support:
- Design and implementation of compliance models and procedures (mapping of Business and IT processes, design of key controls, production of narratives, flowcharts and RACI matrices, drafting of “Test of Design” and “Test of Effectiveness” plans).
- Execution of controls testing activities.
- Audit and Gap Analysis of the existing compliance model.
- Identification and establishment of methodological and organizational frameworks for business continuity management.
- Drafting of Business Impact Analysis (BIA) for crisis scenarios related to critical business processes.
- Implementation of the complete set of policies and procedures necessary to ensure business continuity, including operating procedures and the “Control Plan” to assess the effectiveness of technical and organizational measures.
- Audit on the effectiveness of business continuity plans.
- Production of corporate policies and procedures about the main business processes (accounts payable and accounts receivable, financial statements, payroll, warehouse / inventory management, management control and reporting, etc.).
- Design of Corporate Governance models (organization charts, roles, responsibilities, corporate / business unit missions and objectives, corporate / business unit KPI definition and measurement).
- Design of Management by Objectives (MBO) models.
We provide customized courses on the following topics in response to our customers’ needs:
- COBIT™ 5/2019 Foundation.
- ISO 27001 Lead Auditor.
- ISO 22301 Lead Auditor.
- Main international IT Service Management frameworks.
- Main international project management frameworks.
- Information Security & Privacy Awareness.
Finance department advisory
- Support in financial statements consolidation and financial reporting in compliance with Italian accounting standards, IFRS/IAS, and US GAAP.
- Execution of finance and accounting activities for specific agreed purposes (analysis of specific accounting items such as trade receivables, trade payables, potential liabilities, risk provisions, inventory accounting, etc.).
- Identification of tax credit opportunities based on the existing tax laws and regulations (e.g., development and innovation credits, Patent Box, the so-called Industry 4.0 subsidy measures, etc.).
- Support in “Forensic Accounting and Auditing” activities.
- Evaluation of investment opportunities in specific business lines in terms of economic performance and compatibility with the current Business Model (“Fairness Opinion” and other opinion reports).
- Design, drafting and certification of Business Plans.
- Support in the definition of the management control and reporting model, including the design of functional requirements for the implementation of IT systems and dashboards that support decision-making.
- Support in the drafting and consolidation of budgets, cost and revenue analysis, business performance reviews, profit/loss analysis.
- Support in the design of analytical accounting (cost centers, profit centers, drivers, standard costs, etc.).