IT Audit and Assurance
How confident are you that your IT systems fully support your business?
Information systems are becoming increasingly complex and difficult to understand and manage. The web of connections and the interdependence of businesses, allied with the diversity of hardware, software, clouds, networks and legislation make maintaining effective control of your systems harder and harder.
BTRP offer a number of services to make your life easier, helping you to manage the complexity and understand how to control and manage your information systems.
We are specialists in IT audit, focusing on the design, operation and support of information technology. Few businesses are able to justify maintaining such specialist expertise on the payroll. Through BTRP, they can access this support cost-effectively and when it is needed.
BTRP consultants provide specialist, high-level IT technical audit skills when you need them, without the ongoing salary costs. We can help you to ensure your supporting IT systems are being controlled and managed effectively, becoming part of your team to help deliver your objectives.
How can we help you?
We’re experienced at performing IT risk assessments and detailed IT audits across the full range of risk areas. These include:
- Application, database, operating system and network security;
- IT operational management;
- Business process design and effectiveness;
- Change and project management;
- IT governance and strategic management;
- Backup, recovery and contingency.
We have the training and experience, backed up by professional qualifications, to ensure our work is always of the highest quality. We also operate an internal review process to ensure our work is both technically sound and meets our clients’ expectations. This is achieved by a peer review by a qualified BTRP associate.
IT Due Diligence
We have extensive experience of IT due diligence as part of business mergers and acquisitions. We can assist you in developing a high-level understanding of the key IT processes and the impact of the merger/demerger of IT systems. This includes reviews of IT costs and developing an understanding of the impact of these on the deal. Integrating technologies is a complex process and there needs to be detailed consideration, as part of any merger or acquisition, to ensure the changes align with business strategy, IT strategy, IT management processes and IT risk.
Specifically we will consider some of the following areas:
- The mechanisms used to consolidate business processes and infrastructures;
- The existing application architectures and cost of licensing and integration;
- Network and communication technologies and the ability to manage cost savings or improved usage;
- Availability, resilience and capacity management issues;
- Disaster recovery and potential impacts on business continuity;
- Data integrity controls over the systems and the interfaces between those systems;
- The organisation and skills of the IT department and its ability to manage the changes successfully.
Through our recent work we identified £1M of additional costs relating to an SAP installation, and in another case the complexity of decoupling IT systems led to agreements to continue support of the IT systems through the demerger process over a 2-year period.
Supplier Due Diligence
Do you share sensitive data with your suppliers, or do they host critical business systems for you? Would you be confident that you know all the data they hold, and how they secure it and process it? Interestingly, only 20% of businesses sharing data evaluate their third parties annually, with an astonishing 22% of organisations never evaluating their third parties to ensure compliance with established information security frameworks*.
In the UK the FCA require regulated firms to undertake due diligence, where customer data is being shared. We’ve all seen the issues surrounding the loss and leakage of email lists and customer data and the ensuing fines. All businesses need to take note and follow the example from the FCA – sharing data with suppliers requires management and auditing.
BTRP has worked closely with one of the UK’s major high street banks on their supplier due diligence programme. We have visited numerous suppliers who have access to sensitive data to confirm that their approach to data handling and information security is in line with best practice. We have a ready-made approach to supplier management and, using the ISO27001 standard as a guide, we can assist you in developing an approach to ensuring the security of your data once it is outside of your care.
If you would like more information, feel free to contact us.
*source – PwC 2014 Global state of information security survey