Internal controls mandated by aforementioned are to be developed within an organization to provide reasonable assurances that corporate business objectives are achieved and undesired risks will be prevented, or detected and corrected based on either corporate risk appetite or compliance initiated concerns. Elements of controls are classified as preventive, detective or corrective in nature. This is done to ensure that control objectives include:
Safeguarding of information technology assets
Compliance to corporate policies or legal requirements
Accuracy and completeness of processing of transactions
Reliability of process
Backup / recovery
Efficiency and economy of operations
RSS Inc. will conduct an examination of the existing controls within our clients' IT business unit during an IT Audit phase. This phase will focus on information security and utilize the Capability Maturity Model (CMM).
Our team will collect and evaluate evidence pertaining to processes, practices, safeguards, and IT operations. The evidence will be gathered by conducting interviews with respect to the identification and evaluation of informational assets as well as encompassing IT governance, and reviewing pertinent intellectual capital artefacts focusing on information security.
An additional outcome of an IT Audit and Gap Analysis will assist in the prioritization of remediation actions in protecting the company’s critical assets. Controls will be recommended to manage pertinent risks to acceptable levels.
The IT Audit and Gap Analysis service offered by RSS Inc. encompasses both security and privacy risks.
RSS Inc. team will work in tandem with the client assigned team throughout the entire engagement.
By engaging the RSS Inc. team to perform an IT Audit and Gap Analysis, our client will benefit from an analysis of the current states and the potential impacts of the identified gaps faced by their organization. It provides the planning basis for making sound risk management decisions, used in forgoing investment capital or technology, along with controls that will manage the risks to acceptable levels. Our client will have access to RSS Inc. implementation expertise for recommended controls and pragmatic safeguards..
Overall, the IT Audit and Gap Analysis will help in raising awareness and knowledge within the senior management team with regards to security governance. By understanding and seeing the overall 'bigger picture', it will allow the organization to improve its internal controls in pragmatic fashion with minimal or no-disruptions of business activities.
RSS Inc. team will provide mid and long-term plans containing milestones for implementing safeguards in order to remediate the pertinent risks to acceptable levels.