IT Policies, Procedures and Forms

Oct 09, 2013
IT Policy

IT Policy

Overview

IT Policies, Procedures and Forms give an assurance of a perfect alignment of organisation’s business strategy with her IT strategy. Institutions  whose IT strategy is not in perfect alignment will be in any of the following status:

  • Entropy -A state of gross misalignment;
  • Misfit – collaboration between functions and processes is minimal;
  • Mixed – a state of mixture of alignment and misalignment; here a reasonable number of functions and processes are “kind” of going in the same direction;
  • Threshold – a minimal level of alignment exist so that products and services can move through the value chain and to the customer; and
  • Harmony – general and continuing state of perfect alignment.

 

Objectives

To understand the objectives of this engagement, the following key questions need to be answered:

  • Is your IT resources adequately supporting your major business objectives?
  • Can you reduce the cost of core processes, or can you deliver a higher quality service?
  • Can IT help you ‘tie in’ to your profitable customers and business partners on a long-term basis?
  • Is IT improving staff satisfaction and motivation to higher productivity?
  • Can new products and services be created? Can IT help you gain new markets and improve market penetration?
  • Can you derive better and more timely management of information?
  • How can your company’s information and knowledge be managed as a resource?
  • What new technologies are emerging and how can they be used in the future to address changing needs of the enterprise?
  • Is your IT function managed as a business?
  • Have you leveraged on Image Processing and Paperless Systems and Models (IPPS) to deliver quality service?
  • Do you have a good support system backing you to ensure low downtime  during mild or sever interventions?

The answers to the above, lie in developing and deploying IT policies, procedures and forms that will not only ensure a state of harmony, but a perfect alignment of your IT objectives with your Business objectives  and guarantee value for your IT spend- the state will be achieved in a manner which provides sustainable competitive advantage to the institution. That is the main focus of this domain of our service delivery.

Computer Hacking and Countermeasures

Oct 09, 2013
Computer Hacking

Computer Hacking

Overview  

  • Michael Comer, the author of corporate fraud once stated that; “If you want to catch a thief, you have to behave like a thief”.
  • It is truism that no system in the world is foolproof. This means that your IT security can be compromised any time any day, even by the enemies within. In the general parlance, Computer Hacking connotes evil, but indeed, the Computer Hacker is the good Guy, who will help you identify penetration loopholes in your IT infrastructure and at the same time generate commensurate countermeasures for these loopholes.
  • Our core mission in this kind of engagement is to create Ethical Hackers in your environment who will in turn STOP the CRACKER who will want to defy all odds to cause INHARMONY in your systems environment

Objectives

  • Our core objective here is in developing computer hacking skills in your IT and other control staff such as in bank examiners, internal auditors, etc. We will also carry out vulnerability assessment that will include penetration testing to determine where the loopholes are and develop effective countermeasures.

This kind of engagement is usually long-term in nature and could be on- going for some time.

IS Audit Assurance, Security and Support

Oct 09, 2013
IS Audit

IS Audit

Overview 

  • Corporate Governance  is all about power and responsibility sharing and setting policies, procedures and standards and making sure that entity’s personnel imbibe established corporate ‘Ethic’ as molded by these policies and standards which will give ultimate assurance that entity’s objectives are met.
  • By the same token, the Board or other Top Officers of the company must ensure that IT polices are aligned with corporate polices in other to avoid a state of Strategic Misfit. It is only then that management can have an effective score line for the benefits of IT deployment in organizations/agencies of Government.

As businesses and organizations demand for high-speed information transfer, computer networking provides a level of connectivity and consequently a virtual office which helps to achieve a higher degree of customer satisfaction. However, the bulk of the concerns lie in controlling the basic network infrastructures, as well as meeting the growing need for availability and high performance, especially as computer networks are increasingly handling mission-critical applications. Occasionally, legitimate employees become the “Risk Agents” and pose a higher level of threats to the entity’s Enterprise-Network Environment.

Our Service Process 

  • In this kind of environment, IS Audit Assurance and Security will provide the following benefits for your organization:
  • Establishment and Deployment of an Effective and Efficient IS Audit Environment that guarantees
    • IS Controls Monitoring and Compliance through Application Systems Audit Activity
    • Computer-Assisted Audit Techniques for Data Extraction and Analysis to produce electronic evidence of completeness, and accuracy of transaction processing using Interactive Data Extraction and Analysis (IDEA) CAAT
    • Vulnerability Assessment to ensure that Enterprise- Network Perimeter is not compromised
    • Penetration Testing and Confirmation to ensure that Infrastructural components and devices are in top form and are functioning properly
    • Assurance of a comprehensive and documented Disaster Recovery Plan and that Systems Contingency Plans are in place
    • Assurance that there is an IT policy in place which serves as a reference guide for all IT projects
    • Assurance that there is adequate support for all IT projects (Hardware and Software)
  • Activity Format
    • Audit Assurance activity could either be outsourced completely or have it deployed in your environment and then run a series of hand-holding with the client’s audit staff after some skills impartation process (Training).

The main objective of this engagement is to provide expert assistance to the client in Development and installing an IS Audit Assurance Function that is innovative and dynamic too.

Systems Contingency and Disaster Recovery Planning

Oct 09, 2013
Disaster Recovery Plan

Disaster Recovery Plan

Overview

Main Objectives:
One important success factor in business service delivery remains availability and up- time. Where companies and other mission-critical institutions cannot guarantee minimum down time in times of interruptions which can be man-made or by force-majeure, organizations pay dearly for it. Instances where Board of Directors were sued by other stakeholder for the Board’s inability to recover from a major peril abound.
Our service point in this area is to help organization develop and implement an effective Systems Contingency Plan and DRP that will stand the test of time.

Our Disaster Recovery planning will incorporate the following pattern:

  • Critical Assessment
  • Non-Critical Assessment
  • Sensitive Assessment
  • Non-Sensitive Assessment
  • Business Impact Analysis
  • Developing Recovery Alternatives
  • Testing a selected alternative
  • Implementing a selected alternative
  • Continuous Auditing and Monitoring of the DRP

Human Capital Development

Oct 09, 2013
Human Capital Development

Human Capital Development

Overview  

  • Truthfully, the survival or failure of any organization; being it public or private entity hinges on the human capital component. Best run and most successful organizations around the world (e.g Microsoft, IBM, etc) have been know to rank the human asset ahead of all other organization’s assets; hence a lot more investment is made on the human capital resources of these Organizations by way of skills development and improvement programmes.
  • Our core mission in this area therefore, is to help Organizations to develop, set, design and implement their strategic Human Capital Polices and Resources that are innovative and forward looking

Objectives

The core business solutions provided in this domain is tailored towards helping organizations and institutions of government build capacities in the following areas:

  • Finance and related Accounting Services
  • Information Technology
  • Computer Security
  • Management Skills
  • Basic and Advanced Computer Skills
  • Auditing and Forensic  Investigation
  • IS Audit Environment Creation and Deployment
  • Computer Hacking and Countermeasures
  • Computer Forensic and Data Recovery Skills