What threats are we at risk from? And how well prepared are we if the worst happens?
Increasingly, businesses need answers to these questions. IT leaders, audit and risk teams are having to manage growing expectations over the extent and quality of the assurances they provide.
Whatever your industry, you’ll have to meet specific compliance and regulatory requirements, with obligations to your shareholders, directors, an audit committee, the regulator, customers and business partners.
Meeting this range of expectations can be challenging. We can help you understand the demands and embed a culture where everyone, from board level to control owners, contributes. We work with you to design, implement and test the operation of your IT and application controls.
Our support includes:
- Sarbanes-Oxley (SOX) and UK SOX;
- Centre for Internet Security (CIS 18);
- Control Objectives for Information and Related Technology (COBIT);
- National Institute of Security Standards and Technology (NIST);
- NIS (Network and Information Systems) Regulations;
- Information Security Management System (ISO 27001);
- Payment Card Industry Data Security Standard (PCI DSS); and
- Information Technology Infrastructure Library (ITIL).
The UK government (BEIS) has now published its long-awaited consultation on reforms aimed at ‘restoring trust in audit and corporate governance’. The consultation includes a proposal that the UK should adopt a strengthened internal controls regime, similar to US SOX, that requires directors to attest to the effectiveness of internal controls over financial reporting. If you’re a company with a significant public interest, it’s time to start considering your IT controls in light of a potential UK SOX.
How can we help?
Designing, implementing and testing robust controls are the foundations of a successful organisation. We can help you to see the big picture and focus your efforts on managing the key risks before they happen. With our expert support, you can gain the assurances you and your stakeholders need and meet evolving regulatory and compliance requirements.
We can also contribute control and process insights that improve your organisation while reducing control compliance costs.
Our approach can help you in three core areas:
- understanding your risks – we help you understand and prioritise your technology risks, focusing on the most pressing challenges;
- developing and embedding your control framework – we work with your stakeholders to design and embed effective controls and align your assurance approach; and
- testing your controls and providing assurances – we independently evaluate the design, implementation and effective operation of your controls, providing assurances to stakeholders, through a report we prepare together.
For more information about IT controls and compliance, please contact Steven Snaith, Sheila Pancholi, or Paul O’Leary.