Among risk advisory services, we support the Internal Audit function or, in case the Internal Audit function has not been appointed, we are available to take the full outsourcing of the Internal audit function; in addition we assist our clients to design an effective internal control system in compliance with the requirements of the Sarbanes-Oxley Act and we provide independent certifications on the design and effectiveness of the internal control system (ISAE 3402, SSAE16).
Risk advisory services also include checks and activities on the company information systems. The information system (including technological resources - hardware, software, data, electronic documents, telematic networks - and human resources dedicated to their administration) represents a key element of the internal control system and for the business of the company. The planning of inspections ensures adequate coverage of the various applications, infrastructures and management processes over time, including any outsourced components. The IS Audit is able to provide assessments on the principal identifiable technological risks and on the overall IT risk management, also in accordance with the requirements for banks issued by the Bank of Italy (Banca d’Italia).