We deliver quality services and solutions through accurate preliminary analysis, tailoring them to our customers’ needs so that agreed goals and objectives are achieved on time.

Governance, Risk and Compliance Services

  • IT Governance

    • Assessment and validation of the internal control system design and effectiveness aimed at safeguarding information systems.
    • Detection and assessment of the risks deriving from internal control deficiencies of the main IT processes.
    • Gap analysis with reference to the international Best Practices (COBIT and ITIL).
    • Definition of recommendations and corrective actions to achieve a level of internal control appropriate for the customer’s needs, including production of the “Internal Control Plan”.
    • Assessment and setting of the automated “configurable” controls of the main ERP applications (e.g. SAP).
    • Support for the collection, evaluation, design, drafting and testing of business requirements of the main ERP applications, in line with main internal control frameworks and best practices.
  • Information & Cyber Security

    • Mapping of the IT assets supporting business processes.
    • Assessment of threats and vulnerabilities associated with IT assets.
    • Assessment of the “Risk Measure” associated with the business impacts.
    • Gap analysis related to the existing security measures.
    • Development of the “Strategic Information Security Plan”.
  • IT Risk Management

    • Implementation of “Enterprise Risk Management” models and procedures.
    • Mapping of both business and information technology processes for the identification of critical activities.
    • Execution of self-assessments with the process owners, aimed at identifying and assessing risks and control activities.
    • Detection of deficiencies in the internal control system and identification of the related corrective actions.
    • Design and implementation of the “Audit Plan” aimed at testing controls deemed effective.
    • Preparation, according to explicit and shared criteria, of the “Action Plan” setting out the recommendations related to the gaps identified.
    • Implementation of fraud risk management models.
  • IT Audit & Compliance

    • Identification of the processes (Business, Finance and IT) subject to regulation, assessment of non-compliance risks and analysis of the internal control system.
    • Gap analysis with reference to the control framework requested by the regulations.
    • Test on detected (existing) controls and implementation of the related Remediation Plan.
    • Remediation Plan effectiveness follow-up.
    • Implementation of a monitoring and reporting system supporting top management’s decisions.
    • Fraud Auditing activities.
    • Audit and implementation of both procedural and IT Segregation of Duties (SOD) models.
  • DORA related services

    As part of the DORA Regulation – Digital Operational Resilience Act, we are able to offer both consultancy and technological support:

    • Execution of Assessment, GAP Analysis and Audit activities, aimed at evaluating the level of compliance with the requirements imposed by the DORA Regulation, as well as the related control system.
    • Review/formalization of the internal regulatory system (Policies, procedures, operational models and other documents required by law) in line with the requirements of the Regulation and with the reference best practices, including the review/drafting of organizational charts, function charts and finalized job descriptions to define the organizational structure (roles and responsibilities) of digital operational resilience, in compliance with the requirements of the Regulation.
    • Continuous execution of the actions identified in the first and second project phases, with the aim of making the digital operational resilience models, guidelines, procedures and control measures defined in the internal regulatory system operational, in compliance with the requirements imposed by the Regulation.
    • Assuming responsibility for the management and monitoring of IT risks ensuring an appropriate level of independence.
  • GDPR related services

    As part of the EU Regulation 2016/679 General Data Protection Regulation, we are able to offer consultancy and technological support:

    • DPO support activities (co-sourcing of the DPO function).
    • Audit on the privacy management system pursuant to EU Regulation 2016/679.
    • Training.
    • Software Solutions – GDPR Platform.
  • Compliance with 262/05 and Sarbanes Oxley Act regulations

    Under the 262/05 and Sarbanes Oxley Act regulations, we are able to offer the following consultancy support:

    • Design and implementation of compliance models and procedures (mapping of Business and IT processes, design of key controls, production of narratives, flowcharts and RACI matrices, drafting of “Test of Design” and “Test of Effectiveness” plans).
    • Execution of controls testing activities.
    • Audit and Gap Analysis of the existing compliance model.
  • Business Continuity

    • Identification and establishment of methodological and organizational frameworks for business continuity management.
    • Drafting of Business Impact Analysis (BIA) for crisis scenarios related to critical business processes.
    • Implementation of the complete set of policies and procedures necessary to ensure business continuity, including operating procedures and the “Control Plan” to assess the effectiveness of technical and organizational measures.
    • Audit on the effectiveness of business continuity plans.

    • Production of corporate policies and procedures about the main business processes (accounts payable and accounts receivables, financial statements, payroll, warehouse / inventory management, management control and reporting, etc.).
    • Design of Corporate Governance models (organization charts, roles, responsibilities, corporate / business unit missions and objectives, corporate / business unit KPI definition and measurement).
    • Design of Management by Objectives (MBO) models.
  • Dedalo Academy: Training and Coaching

    We provide customized courses on the following topics in response to our customers’ needs:

    • COBIT™ 5/2019 Foundation.
    • ISO/IEC 27001 Auditor.
    • ISO 22301 Auditor.
    • Main international IT Service Management frameworks.
    • Main international project management frameworks.
    • Information Security & Privacy Awareness.
    • Information Security & GDPR Awareness.

    Dedalo is an Accredited Training Organization (ATO) at APMG-International for the provision of courses and certification exams on the international standard ISO/IEC 27001.

    The APMG International ISO/IEC 27001 and Swirl Device logos are a trademark of The APM Group Limited, used under permission of The APM Group Limited. All rights reserved.


Finance department advisory

  • Accounting and business advisory

    • Support in financial statements consolidation and financial reporting in compliance with Italian accounting standards, IFRS/IAS, and US GAAP.
    • Execution of finance and accounting activities for specific agreed purposes (analysis of specific accounting items such as trade receivables, trade payables, potential liabilities, risk provisions, inventory accounting, etc.).
    • Identification of tax credit opportunities based on the existing tax laws and regulations (e.g., development and innovation credits, Patent Box, subsidy measures so-called Industry 4.0, etc.).
    • Support in “Forensic Accounting and Auditing” activities.
    • Evaluation of investment opportunities in specific business lines in terms of economic performance and compatibility with the current Business Model (“Fairness Opinion” and other opinion reports).
    • Design, drafting and certification of Business Plans.
  • Management control

    • Support in the definition of the management control and reporting model, including the design of functional requirements for the implementation of IT systems and dashboards that support decision-making.
    • Support in the drafting and consolidation of budgets, cost and revenue analysis, business performance reviews, profit/loss analysis.
    • Support in the design of analytical accounting (cost centers, profit centers, drivers, standard costs, etc.).
  • Security Operation Center

    Dedalo is equipped with a Security Operation Center to provide services aimed at assessing the IT security level of our customers.

    Moreover, our SOC provides “Incident Response” services, performing the CSIRT (Computer Security Incident Response Team) function.

Our Solutions

    We are equipped with a remote data collection infrastructure and a Security Consultant team able to consolidate, select, interpret and correlate the data produced by the Vulnerability Management systems in place at our customers.
    Our Security Operation Center (SOC) monitors the information incoming from the agents installed on the customer’s network. This information is transmitted securely via VPN.

    We have developed the web-based IT solution CR.AA.M. to offer compliance risk assessment and monitoring services. The application, based on a web architecture, allows, for example:

    • archiving and consultation of regulations
    • historicization of the checks carried out (check-ups)
    • management of compliance check-ups on individual regulatory modules
    • production of graphical and tabular summary and analytical reports
    • production of an executive summary in editable format

    We plan our surveys together with the customer, drawing on the expertise of a team specialized in statistics. We develop and implement the latest technological solutions with the support of a CAWI (Computer Assisted Web Interviewing) solutions team. We efficiently test and deploy to production what has been designed, saving effort for the Customer, who is involved only in the results analysis phase.

    The service is based on the Globaleaks open source platform, provided in SaaS (Software as a Service) mode, which makes it possible to manage reports received from employees effectively and in compliance with regulatory requirements, guaranteeing the highest level of confidentiality.
    The platform used is released under the AGPL.

  • GDPR Platform

    The GDPR management platform allows companies to manage all areas governed by the regulation. Its specific features allow the user to:

    • record the data processing activities
    • view the record of processing activities
    • perform risk pre-assessments
    • perform the Data Protection Impact Assessment
    • record violations of personal data (Data Breach)
    • manage communications with the Supervisory Authority (“Garante per la Protezione dei Dati Personali”)
    • archive useful documentation in each production phase
    • monitor data processing activities through multidimensional dashboards
    • extract executive summaries and detailed reports

Dedalo GRC advisory S.r.l. - Largo Luigi Antonelli 9 - 00145 Roma - Numero REA RM - 1536806 - PIVA e C.F. 14662641001 - Capitale Sociale €10.000