IT Internal Controls: area of focus - Ernst & Young - Croatia

IT Internal Controls

• Application controls and security — helps organizations identify and address the risks associated with ERP investments; in particular helps with assessing, designing and implementing effective and efficient ERP security and controls, monitoring the operating effectiveness of those controls, and assisting management with ERP implementations and upgrades.
• Business continuity management — devises strategies to monitor, protect and respond to complex threats to information and infrastructure and helps to protect the confidentiality of employee and customer data, as well as critical corporate assets.
• Continuous control/process monitoring — assists organizations in improving their decision making and performance by providing them with relevant and just-in-time information. These services also include controls optimization and cost of compliance management by automating the control monitoring processes.
• Information security (including Attack & Penetration, ISO 27001 certification) — assists organizations in identifying and managing their security risks and exposures, and in combining diverse security components into a design for a secure business environment. Includes requirements analysis, technical components evaluation, and pre-production design validation.
• IT contract risk — provides independent assurance on the terms of the outsourcing contract, credentials of the proposed outsourcing provider, whether the promised benefits are realistic or the controls in place to manage the outsourced data are effective.
• IT infrastructure controls & security — helps organizations identify and address the risks associated with investments in data centers, communication networks and other supporting technology; in particular helps with assessing, designing and implementing effective and efficient infrastructure security and controls, monitoring the operating effectiveness of those controls, and assisting management with controls optimization and cost savings related to compliance.
• IT risk remediation — helps mitigate IT risks by advising on improving the effectiveness and efficiency of the related processes and IT controls. By uncovering process and control deficiencies, we can also help to identify performance and IT control improvement opportunities.
• Privacy — helps protect the privacy of employee and customer data. Organizations require help to effectively manage compliance, expectations, and risk across their increasingly complex and geographically diverse enterprises. Data protection laws are far-reaching and have had a significant impact on how personal information is processed.
• Third party reporting — provides an independent assessment of your statements and representations to help build a higher degree of confidence and commitment from your stakeholders and establish trust and transparency in processes and practices with business partners.
• Vendor selection assistance — helps organizations execute flawlessly on IT sourcing, by picking the right process and the right level of detail at which to execute the process to avoid missing deadlines and alienating potential vendors.