Governance, Risk and Compliance Services
IT Governance
- Assessment and validation of the internal control system design and effectiveness aimed at safeguarding information systems.
- Detection and assessment of the risks deriving from internal control deficiencies of the main IT processes.
- Gap analysis with reference to the international Best Practices (COBIT and ITIL).
- Definition of recommendations and corrective actions to achieve a level of internal control appropriate for the customer’s needs, including production of the “Internal Control Plan”.
- Assessment and setting of the automated “configurable” controls of the main ERP applications (e.g. SAP).
- Support for the collection, evaluation, design, drafting and testing of business requirements of the main ERP applications, in line with main internal control frameworks and best practices.
Information & Cyber Security
- Mapping of the IT assets supporting business processes.
- Assessment of threats and vulnerabilities associated with IT assets.
- Assessment of the “Risk Measure” associated with the business impacts.
- Gap analysis related to the existing security measures.
- Development of the “Strategic Information Security Plan”.
IT Risk Management
- Implementation of “Enterprise Risk Management” models and procedures.
- Mapping of both business and information technology processes for the identification of critical activities.
- Execution of self-assessments with the process owners, aimed at identifying and assessing risks and control activities.
- Detection of deficiencies in the internal control system and identification of the related corrective actions.
- Design and implementation of the “Audit Plan” aimed at testing controls deemed effective.
- Preparation, according to explicit and shared criteria, of the “Action Plan” pointing out recommendations related to the gaps identified.
- Implementation of fraud risk management models.
IT Audit & Compliance
- Identification of the processes (Business, Finance and IT) subject to regulation, assessment of non-compliance risks and analysis of the internal control system.
- Gap analysis with reference to the control framework requested by the regulations.
- Test on detected (existing) controls and implementation of the related Remediation Plan.
- Remediation Plan effectiveness follow-up.
- Implementation of a monitoring and reporting system supporting top management’s decisions.
- Fraud Auditing activities.
- Audit and implementation of both procedural and IT Segregation of Duties (SOD) models.
DORA related services
As part of the DORA Regulation – Digital Operational Resilience Act, we are able to offer both consultancy and technological support:
- Execution of Assessment, GAP Analysis and Audit activities, aimed at evaluating the level of compliance with the requirements imposed by the DORA Regulation, as well as the related control system.
- Review/formalization of the internal regulatory system (Policies, procedures, operational models and other documents required by law) in line with the requirements of the Regulation and with the reference best practices, including the review/drafting of organizational charts, function charts and finalized job descriptions to define the organizational structure (roles and responsibilities) of digital operational resilience, in compliance with the requirements of the Regulation.
- Continuous execution of the actions identified in the first and second project phases, with the aim of making the digital operational resilience models, guidelines, procedures and control measures defined in the internal regulatory system operational, in compliance with the requirements imposed by the Regulation.
- Assuming responsibility for the management and monitoring of IT risks, ensuring an appropriate level of independence.
GDPR related services
As part of the EU Regulation 2016/679 (General Data Protection Regulation), we are able to offer consultancy and technological support:
- DPO support activities (co-sourcing of the DPO function).
- Audit on the privacy management system pursuant to EU Regulation 2016/679.
- Training.
- Software Solutions – GDPR Platform.
Compliance with 262/05 and Sarbanes Oxley Act regulations
Under the 262/05 and Sarbanes Oxley Act regulations, we are able to offer the following consultancy support:
- Design and implementation of compliance models and procedures (mapping of Business and IT processes, design of key controls, production of narratives, flowcharts and RACI matrices, drafting of “Test of Design” and “Test of Effectiveness” plans).
- Execution of controls testing activities.
- Audit and Gap Analysis of the existing compliance model.
Business Continuity
- Identification and establishment of methodological and organizational frameworks for business continuity management.
- Drafting of Business Impact Analysis (BIA) for crisis scenarios related to critical business processes.
- Implementation of the complete set of policies and procedures necessary to ensure business continuity, including operating procedures and the “Control Plan” to assess the effectiveness of technical and organizational measures.
- Audit on the effectiveness of business continuity plans.
Corporate Governance
- Production of corporate policies and procedures about the main business processes (accounts payable and accounts receivable, financial statements, payroll, warehouse / inventory management, management control and reporting, etc.).
- Design of Corporate Governance models (organization charts, roles, responsibilities, corporate / business unit missions and objectives, corporate / business unit KPI definition and measurement).
- Design of Management by Objectives (MBO) models.
Dedalo Academy: Training and Coaching
We provide customized courses on the following topics in response to our customers’ needs:
- COBIT ™ 5/2019 Foundation.
- ISO/IEC 27001 PRACTITIONER – INFORMATION SECURITY OFFICER.
- ISO/IEC 27001 AUDITOR.
- Auditor ISO 22301.
- Main international IT Service Management frameworks.
- Main international project management frameworks.
- Information Security & Privacy Awareness.
- Information Security & GDPR Awareness.
Dedalo is an Accredited Training Organization (ATO) at APMG-International for the provision of courses and certification exams on the international standard ISO/IEC 27001.
The APMG International ISO/IEC 27001 and Swirl Device logos are a trademark of The APM Group Limited, used under permission of The APM Group Limited. All rights reserved.
Finance department advisory
Accounting and business advisory
- Support in financial statements consolidation and financial reporting in compliance with Italian accounting standards, IFRS/IAS, and US GAAP.
- Execution of finance and accounting activities for specific agreed purposes (analysis of specific accounting items such as trade receivables, trade payables, potential liabilities, risk provisions, inventory accounting, etc.).
- Identification of tax credit opportunities based on the existing tax laws and regulations (e.g., development and innovation credits, Patent Box, subsidy measures so-called Industry 4.0, etc.).
- Support in “Forensic Accounting and Auditing” activities.
- Evaluation of investment opportunities in specific business lines in terms of economic performance and compatibility with the current Business Model (“Fairness Opinion” and other opinion reports).
- Design, drafting and certification of Business Plans.
Management control
- Support in the definition of the management control and reporting model, including the design of functional requirements for the implementation of IT systems and dashboards that support decision-making.
- Support in the drafting and consolidation of budgets, cost and revenue analysis, business performance reviews, profit/loss analysis.
- Support in the design of analytical accounting (cost centers, profit centers, drivers, standard costs, etc.).