Technology Risk Advisory

Digital, Risk and Transformation

In an increasingly digital world, organisations must adapt to a constantly evolving technology, which implies the need to understand, use and manage the opportunities offered by digitisation in the best possible way, turning it into a concrete competitive advantage, capable of improving productivity and profitability

WE PROVIDE THE MOST APPROPRIATE SUPPORT TO PROTECT YOUR INFORMATION, YOUR REPUTATION AND YOUR FUTURE

The adoption of new technologies also entails the introduction of a new type of risk, and organisations must therefore identify new control models to protect against the potential risks of data loss or violation, lack of interoperability between applications, and information system malfunctions. All these risks may have operational, financial or legal implications, and potential reputational damage.

Our team of experienced Risk Technology consultants can help you meet the challenges of a business that continues to evolve and can provide you with the right tools and methodologies to best utilise and implement new technologies within your organisation. Understanding strategies, initiatives, processes and issues related to IT controls, cybersecurity, cloud, IoT, certifications, contractual compliance.

We offer a range of customised technology consulting services that will help you mitigate digital risk, in line with regulations and industry best practices, to help you navigate digital complexity.

RSM professionals can support you in multiple activities:

Identifying, managing and mitigating key technological risks in innovative ways, providing customised tools and methodologies
Support in spending review and cost optimisation projects in the ICT and compliance fields
Providing assurance and reporting on financial reporting, the system of internal controls and compliance with key standards
Providing innovative tools for digitising processes to deliver products and services in new digital ways

Our Services

IT Governance & Risk

Our IT Governance & Risk services help organisations understand technology risks, including through the assessment of related controls, providing management with suggestions for defining and implementing effective controls.

Our methodologies involve assessing the structure of general IT controls in relation to the sector and context of the organisation, verifying their correct operational application through design and effectiveness analyses of the controls themselves.

We offer services for the various activities related to IT Governance & Risk:

Designing, auditing and evaluating the adequacy and effectiveness of general controls for information systems
Risk identification in information system management processes and assessment against international best practices (e.g. ISO27001, ISO27002, COBIT, ITIL)
Support in setting up ISO 27001 management systems and accompanying certification
Third-party audits, including SOC 1 or SOC 2 attestations according to international standards (e.g. ISAE 3000, ISAE 3402)

Data Protection Advisory

Our services help organisations establish a regulatory-compliant information governance framework that protects corporate data while mitigating the misuse of information, through the careful design of processes and procedures that provide people in your organisation with clarity about their data protection roles and responsibilities.

RSM can help you to:

Conduct assessments and audits to determine compliance with data protection requirements and assess the adequacy and effectiveness of privacy frameworks
Prepare and update data protection and data management policies and procedures, in line with best practices and standards in your industry
Carrying out training and awareness-raising activities for all the organisations' resources
Make recommendations in relation to the General Data Protection Regulation (GDPR)

Transformation Assurance

The implementation or upgrading of a new management system (ERP) represents for organisations a path of considerable complexity with possible risks related to the information managed with particular attention to the processes affected by the new system.

RSM professionals dealing with risks related to the implementation of management systems also have significant experience in the implementation, design and audit of ERP systems in different sectors and organisational structures.

Our knowledge, experience and methodology help us analyse our clients' needs, providing support to verify that ERP solutions are tailored to your organisations.

We help you evaluate all strategic options, paying particular attention to the system integrator selected and the type of regulations applicable to your business environment (SOX, L262, GDPR, Tax regulations, etc.).

RSM can help you in several areas:

PROJECT MANAGEMENT

Project Management support during transformation projects (e.g. major and pervasive process changes, implementation of new systems). We act as an independent third party to monitor and mitigate project risks and enable you to effectively and efficiently achieve business objectives.

SECURITY AND CONTROL DESIGN

When choosing an 'out of the box' ERP solution, software houses are generally not responsible for the design of controls and the effectiveness of testing. With an understanding of your framework, specific controls and regulatory requirements, our job is to assess the control environment and design, review project documentation and identify control objectives and design them to be effective. We can also help you implement GRC tools to mitigate the risk of segregation of duty conflicts and assess the correct configuration of security controls and automatic "configurable" controls for major ERP applications.

UPDATING OF CONTROLS DURING ERP UPDATES

When upgrading or changing an ERP system, significant differences emerge in the pattern of controls within the system itself. Previously present automations no longer function, or new functionality now available but to be configured as required. Our team can analyse your process and help you identify and design the new set of controls required and evaluate their configuration.

REVIEW OF POST-GO-LIVE CONTROLS

If resources or time constraints did not allow for the design of controls during implementation, or if unforeseen problems occur after go-live, we can assess both the design and operational effectiveness of controls. Using our tools, we quickly assess your environment to identify automated or security controls and recommend improvements and actions to remedy any deficiencies in risk mitigation.