In an era when technology has become essential to the running of almost every organization, the slightest disruption to IT services can have catastrophic results.
RSM can identify and manage the IT risks that your organization faces. Our technology services team is staffed with experienced professionals across all technology risk disciplines, including areas such as cyber security, data analytics and social media. We have the knowledge and practical experience to help you to manage your IT risks – before they become a problem. In addition to seasoned auditors, our team includes individuals from a practitioner background.
Amongst these are former network managers and technical IT security architects who now provide organizations with in-depth technical assurance and advice. We pride ourselves on providing clients with genuine experts in their field, and have specialist teams in the following areas:
- Data advisory and analytics;
- Information security;
- Cyber security;
- Project assurance;
- Business Continuity;
- Regulatory and compliance (for example SOX, ISAE 3402, PCI, DPA);
- IT due diligence;
- IT strategy and service management;
- Cloud Advisory
1. Data advisory and analytics
Storing large amounts of information has become far simpler and easier in recent years. The skill is in leveraging mass data to gain new insights and ultimately drive growth. That’s where RSM’s wide range of data services comes in. Businesses looking for a competitive edge can take advantage of the increased ease with which large amounts of data can now be obtained and stored. Good use of data can lead to a deeper understanding of business processes, the workforce, supply chain management and even customer behavior. Risk, compliance, and internal audit teams have also found they can transform their practices using data analysis techniques, gaining insights into compliance issues, fraud and control breakdowns. RSM offers a wide range of data services designed to ensure your data is complete and accurate, as well as advanced analytics to help you drive new data insights. Our team of analytics experts can tailor its services to meet your individual needs. We can help you with:
- Audit analytics;
- Enterprise architecture
- IT General Controls
- Application Controls
- Big Data and Internet of Things
2. Information security
RSM’s specialist information security team has a wealth of experience in delivering advice and assurance as well as providing information governance solutions.
The need for information security underpins all IT systems, given the nature and volumes of data that such systems hold. We therefore believe that all organizations should consider information security a key ingredient of their corporate governance frameworks. Our proven information security assurance methodology focuses on the risks that matter. As a basis we use the ISO 27001 framework combined with other frameworks such as NIST or MEHARI. We use it as the baseline to provide remediation where required. Our seasoned team has worked for many years in delivering assurance and advice.
We’re also experienced at developing and implementing information security solutions for our clients. This means we can offer you practical, tried-and-tested advice which is underpinned by a modern, leading edge methodology.
- Information Risk Identification
- Information Security assessment
- ISO27001 Compliance assessment
- ISO27001 Implementation and certification guidance
- Information Security Programme management
- Internal Audit services
Nowadays, threats are still coming from both inside and outside. Statistics show that 80% of irregularities and fraud are still coming from internal lack of control. However, risk is more than the likelihood alone. The impact of external threats tends to be much bigger and the continuity of your organization might be at stake. Therefore it is crucial to start working on the vulnerabilities you currently have and to address those processes in order to minimize the future risks. Based on the three lines of defense in Cybersecurity Assurance, RSM can guide you from a current state assessment to the complete implementation of a Cybersecurity programme. Furthermore, combined with the privacy and information security professionals, RSM can assure you of the perfect integration of the different domains in order to avoid double or counteracting measures.
- CyberSecurity assessment
- CyberSecurity Programme management
With the acknowledgement and approval of the European General Data Protection Regulation, privacy has become a top corporate concern. These new privacy regulations and the required reforms combined with a tsunami of new technologies and associated risks form new challenges for management.
RSM can provide you with the necessary knowledge and expertise to face those challenges head on. For companies that manage large amounts of personal information, privacy management is vital to mitigating security risks and protecting the identities and personal information of all stakeholders.
- Define Information Flows
- Data Classification Processing
- GDPR compliance Assessment
- Provision of Data Protection Officers
- GDPR Compliance Programme
5. Regulatory and Compliance
There are many laws and regulations that have an IT impact. RSM professionals have the expertise to translate the legal requirements into pragmatic (IT) measures. To give some examples: Sarbanes-Oxley, ISAE 3402 type I and/or type II assessments and implementations can be assisted, coached or completely executed by our specialist teams.
6. Project Assurance
When discussing the Project Assurance services, there are different levels to be considered. The GRC level services define the standards, communication lines, organization and dispensation of all projects. This might be specified into portfolio and/or programme management rules. The difference between those two is that portfolio is defined as a set of projects whereas a programme is defined as a set of projects with the same strategic goal.
On a management level, we can assist you in Project / Program management processes. We deliver the expertise to implement project methodologies such as PMBOK or Prince2, we define System Development Life Cycle (SDLC) or change management processes or deliver program management skills. The skills encompass expertise on:
- Investment Management
- Project Administration
- Project risk Management
- Issue Management
- Assumption Management
- Change Management
- Progress Management
- Project Audit and
- Quality Assurance
These are the processes that should be looked at when discussing Programme Management office processes. But all of these processes can be considered separately. Often, large projects are completed with the assistance of a project risk manager. Although the pure project management role is not the key focus of RSM Project Assurance, the risk manager surely is.
7. Business Continuity
Business continuity is the ability of an organization to maintain essential functions during and after a disaster. Business continuity planning establishes risk management processes and procedures that aim to prevent interruptions to mission-critical services, and re-establish full function to the organization as quickly and smoothly as possible. Disaster Recovery is one of the sub-processes of BCM and encompasses the recovery of IT systems and operations. RSM professionals can help you with:
- Business Impact analysis
- Disaster Recovery Plan
- Business Continuity Plan
- Business Continuity management
8. IT Due Diligence
RSM’s IT due diligence service covers the effectiveness and resilience of core IT systems and operations, but also seeks to provide insights into the scalability and extensibility of technology usage in the target entity to support future growth plans.
A rigorous IT due diligence can be critical in a deal situation. With the increased reliance of all businesses on technology, the importance of assessing the target’s strengths and weaknesses in its use of IT is greater than ever. Our service covers the effectiveness and resilience of core IT systems and operations, but also seeks to provide insights into the scalability and extensibility of technology usage in the target entity to support future growth plans. Whether on the buy or the sell side, our experienced technology consulting team can provide assurance and advice on the strategic opportunities that IT offers as well as any underlying risks. Our core IT due diligence service covers:
- IT infrastructure, networks and systems;
- IT governance and controls;
- IT continuity and disaster recovery arrangements;
- IT skills and staffing, including third party arrangements;
Our extended service also addresses the question of how technology can support and drive the target’s business growth plans – for example through new channels, the addition of new products or services, or growth into international markets.
9. IT Strategy
Every organization relies more or less on IT systems. On the other hand, technology changes may endanger your organization’s current environment. However, IT is still seen in a lot of cases as a cost to run the business. RSM professionals can assist in defining IT as an enabler for your organization or translate your business strategy into an IT strategy, ready for the future. It deals with technological aspects such as networks, systems, and applications and governance aspects such as service management, project management, security, HR.
10. Cloud Advisory
The shift from traditional ‘on-premise’ IT to technology services delivered via the internet represents the biggest change in corporate IT since the introduction of the PC. We can help you make the most of what the cloud has to offer. Cloud computing is here to stay. More and more SMEs and midmarket organizations are replacing their physical servers and systems with IT services delivered via the cloud. Moving to the cloud can bring big advantages. These include:
- Spreading IT investment costs;
- Better flexibility; and
- Allowing management to focus on the core business instead of maintaining IT systems.
But the cloud offers a very diverse set of IT services and it is important to understand what you are looking for and which providers can meet your needs. It is also critical to conduct full due diligence on cloud suppliers before making any commitments. You need to know, for example, that there will be mechanisms in place to allow you to retrieve your data should the supplier cease trading. The range of cloud services available include:
- Software-as-a-Service (SaaS), such as NetSuite or Salesforce.com;
- Infrastructure-as-a-Service (IaaS), such as Amazon Web Services or Rackspace;
- Business processes-as-a-Service (BPaaS);
- Managed desktop; and
RSM can help you to navigate the complexity of the cloud, understand what services are right for you, identify potential suppliers, help you select the right ones for your business and help ensure a smooth migration from your legacy IT to the cloud.
Working closely with our colleagues in IT advisory, fraud risk services and consulting, we’ll tailor our integrated service to your needs.
To find out how RSM’s IT assurance team can help your organization manage its technology-related risks,
Steven Vermeulen : +32 (0)3 449 57 51