Business Risk Services
Our business risk services team work with you to help you understand and effectively manage your existing and emerging risks related to business processes, information technology, regulatory compliance, fraud and corporate.
Our business risk services include:
INTERNAL AUDIT SOLUTIONS
We assist our clients in accomplishing their internal audit activities by providing internal audit solutions and assistance in the improvement of risk management, controls and governance processes.
Outsourcing
Full Outsourcing of Internal Audit - This service involves conducting the entire internal audit (IA) function for companies that do not have an existing IA activity and assisting management in assessing the adequacy and effectiveness of established risk management, control and governance processes, as well as promoting continuous improvement of the company's operations.
Co-sourcing with Existing Internal Audit Activity - This involves working with companies that have existing IA activity by helping their team of internal auditors accomplish IA tasks required by stockholders, the management, regulators, creditors and other stakeholders.
Business Process Review (BPR) / Process Mapping
BPR includes understanding the company's business processes and performing business and accounting process reviews in order to streamline and drive efficiencies into their processes and improve internal controls.
Business Process Risk Assessment (BPRA)
BPRA includes conducting the audit using a risk-based methodology which focuses on the risks inherent to the company's operations.
Internal Audit Transformation
Internal Audit Transformation involves assisting companies in making an assessment of the IA function and determining gaps between their current IA practices and the best practices in a risk-based audit approach.
Preparation of Accounting and Operations Manual
This service involves assisting companies in formally documenting their processes, in the form of accounting and operations manuals.
Quality Assurance Review (QAR)
QAR includes conducting independent review and assessment of a company's IA activity for compliance with the requirements of the International Standards for the Professional Practice of Internal Auditing (ISPPIA) and with the Code of Ethics of the profession and with the company IA's policies and procedures.
Training and Advisory
Training and Advisory includes assisting companies in conducting trainings on how to perform risk-based audit.
TECHNOLOGY RISK MANAGEMENT AND ADVISORY
We assist our clients in managing risks relating to information technology to ensure the confidentiality, integrity and availability of information used for financial reporting and management decision-making.
Application Controls Review
Leveraging on the methodologies and work programs used in audit engagements, Application Controls Review includes performing an assessment of the programmed controls used by the company in their business processes.
Business Process Review
Leveraging on the methodologies and work program used in audit engagements and the wide variety of industry practice provided by P&A, Business Process Review includes performing an assessment on both manual and programmed controls used by companies in their business processes.
Data Analysis using Computer-Assisted Auditing Techniques (CAATs)
Using the application tool Audit Command Language (ACL) or Microsoft Excel, Data Analysis using CAATs includes analyzing voluminous financial transactions, which are deemed to help generate management reports for management's timely decision-making.
Network Security / Vulnerability Review
Leveraging on the methodologies and work programs used in audit engagements as well as security best practices provided by software providers and professional bodies, Network Security / Vulnerability Review includes performing an assessment of the company's operating systems and security systems such as firewalls and intrusion detection systems.
Computer Fraud & Forensics
Computer Fraud & Forensics includes providing assistance to companies in gathering computerized data needed for evidence in the event of fraud.
Penetration Testing
Penetration Testing includes ethical hacking such as white, grey and black box penetration testing in the company's network environment using special tools such as network discovery, enumeration, information gathering, vulnerability scanners, port scanners, etc.
Internet Web Security
Internet Web Security review involves assessing the company's Internet web security in preparation for web site security certifications, ISO certifications or simply to attain a reasonable assurance on the security of the company's web information / transaction environment.
IT Governance Review
IT Governance Review includes health check assessment or gap analysis on the current governance design as well as operating effectiveness of the design implemented in the company's IT environment.
Documentation of IT Security Policies and Procedures
Documentation of IT Security Policies and Procedures includes assisting the company in documenting its formulated IT Security Policies and the relevant procedures that address those policies.
Business Impact Analysis and Business Continuity Plan (BCP) / Disaster Recovery Plan (DRP) Consulting
Business Impact Analysis and BCP/DRP Consulting includes review of the adequacy of the current business continuity plans and disaster recovery plans implemented by the company.
Philippine Standards on Auditing (PSA) 402 for Service Organization
PSA 402 Review for Service Organization provides review of controls design and operating effectiveness as represented by the service organization's management as an added value for service organization.
Sarbanes-Oxley (SOX) Section 404, IT Controls Objectives
As part of the annual audit procedure, this review assists the financial auditors in the certification of the internal controls on the company's IT environment which may have direct or indirect impact on the preparation of financial reports.
SOX Section 302, IT Control Objectives
The review provides assistance to management on a quarterly or annual SOX 302 assessment, or provides assistance on the design or documentation of the design of established internal controls on the company's IT environment, which may have direct or indirect impact on the preparation of financial reports.
BS7799 / ISO17799, COBIT Benchmarking
The review provides benchmarking against best practices such as BS7799 / ISO17799 and COBIT in order to identify control gaps which may be brought about by lack of policies and procedures.
BS7799 / ISO17799, COBIT Implementation Assistance
The review provides assistance in the implementation of ISO17799 and COBIT.
Software Quality Assurance Review (Pre- and Post-Implementation Review)
The service includes providing pre- and post-implementation assistance for companies who are in the process of implementing or have recently implemented an application package, i.e. an Enterprise Resource Planning (ERP) package or small- to medium-sized application system.
IT Risk Assessment
IT Risk Assessment includes co-development of a risk matrix with the company.
Project Management
Project Management services are provided to companies who would be implementing or are in the process of implementing an ERP package or small- to medium-sized application systems.
Contract Compliance
Contract Compliance services include providing assistance to companies who have significant revenues through software licensing contracts, compliance with intellectual property rights, etc.
IT-Related Agreed-Upon Procedures
IT-Related Agreed-Upon Procedures include providing services to companies having unique IT problems.
Application Testing / Evaluation
Application Testing / Evaluation includes evaluating an application for a company prior to purchase or deployment and providing assistance in confirming that security and the company's requirements are embedded within the application.
GOVERNANCE, RISK AND COMPLIANCE
We provide our clients value-adding assistance on Corporate Governance Advisory, Sarbanes-Oxley Compliance, and Fraud and Forensic Review.
Sarbanes-Oxley Compliance
Sarbanes-Oxley Compliance review involves assisting companies in maximizing the contribution of the company's internal audit investment through services that effectively assess and prioritize key business risks, build leading practice internal control systems, and efficiently conduct reviews of control structures.
Corporate Governance Advisory
Corporate Governance Advisory is focused on acting as advisors of companies in implementing good corporate governance practices within the organization.
Fraud and Forensic
Fraud and Forensic review is focused on determining whether fraud was committed, how it was committed and who may be responsible.