Advisory Services

Business continuity management services

• Prevent incidents from occurring
• Increase incident/disaster response readiness
• Reduce downtime in the event of a business disruption

Information management and analysis services

• Data quality assessment
• Data conversion assurance
• Data migration review
• Predictive analytics
• Contract risk analytics
• Spend analytics
• Continuous monitoring
• Customer segmentation

Privacy risk advisory

• Privacy risk assessment
• Privacy compliance review
• Privacy advisory

IT enterprise-wide governance risk and compliance

• IT risk management and compliance
• Enterprise-wide governance, risk and compliance (EGRC) technology enablement advisory and implementation
• Information management and analysis
• IT effectiveness
• Program advisory 

IT internal audit

• IT internal audit co-sourcing/outsourcing
• IT internal audit transformation

IT internal controls

• Application controls and security
• Continuous control/process monitoring
• Information security (including Attack & Penetration, ISO 27001 certification)
• IT contract risk
• IT infrastructure controls and security
• IT risk remediation
• Third party reporting
• Vendor selection assistance 

Software licensing reviews/Software asset management

• Software licensing reviews (SLR) on behalf of software vendors at companies that use their software
• Software asset management (SAM) review to assist clients in rationalizing their processes of software acquisition, monitoring and retiring

Governance, risk and compliance (GRC) automation services

With the current economic environment exerting pressure on non-revenue generating functions, organizations are focusing on reducing redundancies and streamlining GRC-related processes and systems to achieve more value, lower cost and reduce residual risk. Additionally, the GRC function has become more complex with the organizations’ growing scale and geographical distribution. Further, an organization may have to tackle one or more of the following GRC mandates:

• Regulatory body compliances: RBI, TRAI, SOX
• Information security standards: ISO27001
• PCI-DSS
• Privacy laws
• Internal audit/policy requirements
• Business process compliances
• Client requirements
• Legal and tax laws
• Statutory audits Environment sustainability

Looking at all these factors, an automated approach to governance, risk, and compliance processes is the most viable option, which would lead to reduction in associated costs and increase in the value that can be obtained out of GRC processes. In some cases, automation may be the only option available to meet the dynamic, complex and widely distributed environments. Automation can provide the stakeholders a holistic view of risk and compliance across the organization and can help address scalability factors to cater to the ever- changing audit and compliance requirements. Furthermore, it will increase the accountability and provide higher visibility to stakeholders.

Our experienced team of professionals, having extensive experience in GRC services with training and certifications in multiple GRC tools (such as RSA Archer, IBM Open Pages, Control Case, Ernst & Young in-house tools, etc), can assist you in your GRC automation initiative.
 

Our focus areas include:

• Pre-configuration services – Design is key to any successful GRC tool configuration. Inadequate design could yield the best of tools incapable to handle an organization’s GRC requirements. We can leverage our GRC functional and industry knowledge to help clients with the following:
  • GRC framework and workflows development
  • GRC automation roadmap definition
  • GRC tool selection
• Configuration services – Tool configurations are performed as per the defined GRC framework and workflows. We can help with the following :
  • GRC blueprint development
  • GRC configuration and deployment for pilot and full roll-out
  • GRC solution user acceptance testing
  • Configuration quality assurance and program management
• Post-configuration services – Once a GRC tool has been deployed, user-training is the key activity. We can help with the following:
  • Post configuration review
  • GRC training and awareness management
  • GRC services such as risk management, audit, compliance, etc using the tool deployed in the organizations’ environment