|
Information System and Risk Management |
|
 |
| |
Technology enables rapid global business growth and advancement. It is also a major source of business risk.
Boards and senior executives recognize the importance of technology, but can struggle to understand and manage it effectively. Often, business executives and IT professionals don't speak the same language. This communications gap can lead to misunderstandings and misaligned expectations and outcomes.
We offer following services : |
|
Information Systems (IS) Governance |
|
|
| |
Effectiv IS governance helps ensure that business systems deliver value and that the risks inherent in using technology are managed. Information Technology (IT) performance is continually being questioned in the light of changing business and regulatory requirements, such as Sarbanes-Oxley, International Financial Reporting Standards (IFRS), and Basel II, as well as the requirement for transparency to shareholders. The IS governance structure should be designed to meet all these aims and to fit within the corporate governance framework. Effective IS governance is increasingly considered mandatory by boards and management.
How G.K.Choksi & Co. Can Help
G.K.Choksi & Co.'s global Risk Advisory Team looks at the measurement, management, and reporting of IT performance to help ensure that the risks and costs inherent in the use of technology are appropriately communicated and controlled. IS governance addresses a number of concerns organizations may have such as:
- Inappropriate IS strategy . Alignment of IS strategy to business strategy is critical. Without alignment, management decisions may result in inappropriate investments in or poor implementations of new systems.
- Difficulty in quantifying the value of IS . This is particularly important during acquisitions or disposals. The value derived from the impact of IT should always be known. The absence of this information could result in inappropriate investment decisions.
- Uncertainly as to the true cost of IS Before investments or changes are made, an organization should know the current cost in IS. Without a comprehensive management overview, this can be difficult to ascertain.
- Performance improvement systems . Measuring and improving IS is a constant challenge. Performance must be measurable to determine that the investment in IT is properly managed, technology risks are appropriately controlled, and a baseline for improvement is established.
- Regulation and compliance frameworks . Compliance frameworks can be costly and complicated to implement. Without them, however, organizations may increase their risk of fines and the risk of their IS assets being badly managed.
|
|
Value and Performance from IT |
|
|
| |
Value and Performance from IT What is the business value of IT to an organization? How is IT performing? These are the questions that many executives are asking about their investment in information technology.
Often, what is missing is an effective dialog between the corporate level and the IT function. When this is supported by an investment appraisal and performance monitoring, the organization can have a clearer understanding of the benefits IT brings to the business.
In addition, business events such as transactions and restructuring will change the overall IT requirement. Clients then need to reappraise management and sourcing decisions. |
|
Risk Issues |
|
|
| |
Risks change. Priorities change. People and processes change. When that happens, your business becomes exposed—unless you have a sustainable approach to risk management.
In this section you will find G.K.Choksi & Co.'s perspective on managing risk—the most important risk issues that our clients are seeking advice on; our global risk research into the views of key stakeholders; the unrivalled sector insights that our industry teams offer, and risk case studies that demonstrate how we are helping clients to tackle both the opportunities and threats of risk. |
|
Technology Risk |
|
|
| |
The Global Information Risk Management (IRM) team works with G.K.Choksi & Co's clients across the spectrum of information technology risk and performance.
- Security, Privacy and Continuity: In today's business environment, the reputation of a business, indeed its existence, can be impacted significantly by the strength of the security, privacy and business continuity mechanisms it has in place.
Fundamental controls, such as the segregation of duties, are often completely reliant on the strength of technology based access controls. In a world of global communications networks, security vulnerabilities can be quickly exploited. Well-publicized frauds and scams erode public confidence.
- IT Internal Audit Services: For some time, risk management through internal audit has been considered a contributing factor to an effective corporate governance framework. With developments, this perception is further reinforced.
The quality and effectiveness of Internal Audit functions are diverse, as are their mandate. To achieve effective Internal Audit coverage, specialist skills will often be required to assess the business' specific risks. Where IT is concerned, technical subject matter specialists are often required.
- IT Attestation Services: In an environment where customers and clients are increasingly impacted by a business' IT systems, extra assurance is often required to satisfy stakeholder expectations.
SAS 70 and similar standards examinations demonstrate that clients have undergone a comprehensive review of control activities. This includes controls over transaction processing as well as IT and related processes. Reviews provide clients with a third party attestation against the organization's internal control objectives. A formal report including the auditor's opinion is issued to the client at the conclusion of the examination.
- IRM in the External Audit: IRM is a vital part of the external audit and is used to evaluate financial audit risk. This involves identifying financial and operational risks embedded in business systems and processes, and providing advisory on risk mitigation.
IRM professionals integrate technology issues into the framework of the audit, working as part of the audit team to assess the technology component of business issues, risks, and strategies.
|
|
|
|
|
