Contact Us   |   Site Map  

Gap Analysis allows companies to compare internal controls against legislations/ standards/ frameworks.

When a company embarks on the road of improving or establishing security governance, one of the initial steps is to identify and asses the existing internal controls and to identify gaps. An IT Audit and Gap Analysis is performed to provide a company with insight into areas that have room for improvement between business requirements and current IT capabilities.

RSS Inc. IT Audit and Gap Analysis comprises of a set of actions performed by our auditors to identify disconnect between the current state of governance compared to the following standards and frameworks:

                      COBIT, ITIL
                      ISO27001, ISO27002 (formerly ISO17799), ISO27005
                      Payment Card Industry (PCI - DSS)
                      Sarbanes-Oxley (SOX), Bill198
                      Canadian Securities Administrators' (CSA) MI 52-109
                      PIPEDA, pHIPA
                      NERC Critical Infrastructure Protection (CIP)

Internal controls mandated by aforementioned are to be developed within an organization to provide reasonable assurances that corporate business objectives are achieved and undesired risks will be prevented, or detected and corrected based on either corporate risk appetite or compliance initiated concerns. Elements of controls are classified as preventive, detective or corrective in nature. This is done to ensure that control objectives include:

                                        Safeguarding of information technology assets
                                        Compliance to corporate policies or legal requirements
                                        Accuracy and completeness of processing of transactions
                                        Reliability of process
                                        Backup / recovery
                                        Efficiency and economy of operations

RSS Inc. will conduct an examination of the existing controls within our clients' IT business unit during an IT Audit phase. This phase will focus on information security and utilize the Capability Maturity Model (CMM). Our team will collect and evaluate evidence pertaining to processes, practices, safeguards, and IT operations. The evidence will be gathered by conducting interviews with respect to the identification and evaluation of informational assets as well as encompassing IT governance, and reviewing pertinent intellectual capital artefacts focusing on information security.

An additional outcome of an IT Audit and Gap Analysis will assist in the prioritization of remediation actions in protecting the company’s critical assets. Controls will be recommended to manage pertinent risks to acceptable levels. The IT Audit and Gap Analysis service offered by RSS Inc. encompasses both security and privacy risks.

RSS Inc. team will work in tandem with the client assigned team throughout the entire engagement.

Solution Benefits
By engaging the RSS Inc. team to perform an IT Audit and Gap Analysis, our client will benefit from an analysis of the current states and the potential impacts of the identified gaps faced by their organization. It provides the planning basis for making sound risk management decisions, used in forgoing investment capital or technology, along with controls that will manage the risks to acceptable levels. Our client will have access to RSS Inc. implementation expertise for recommended controls and pragmatic safeguards..

Overall, the IT Audit and Gap Analysis will help in raising awareness and knowledge within the senior management team with regards to security governance. By understanding and seeing the overall 'bigger picture', it will allow the organization to improve its internal controls in pragmatic fashion with minimal or no-disruptions of business activities.

RSS Inc. team will provide mid and long-term plans containing milestones for implementing safeguards in order to remediate the pertinent risks to acceptable levels.