IT Audit & Advisory Services

For all the opportunities technology brings to companies, it can bring just as many risks – especially for companies that are growing rapidly. Technology risk forms a critical component of an organization’s risk profile but can often be overlooked or given insufficient attention. This is sometimes due to a lack of understanding of technology risk or that technology risk remains outside of the more traditional risk themes often recorded in organization risk registers. With the proliferation of complex technologies in many organizations, proactive management of technology risk should be considered a priority.

The world is changing and technology will reshape our lives over the coming years, whether digitalization, advanced data analytics, cloud or robotics change will touch many aspects of life and business. The benefits of transformation are becoming increasingly obvious. We believe Boards and Senior Management will need to respond to this change in a multitude of ways, with one vector being the quality of the Technology Risk and Assurance insight and ‎capabilities available to them. At TCC Corporate we continue to innovate and invest, so that our clients have access to the latest advice and assurance over the key risks areas.

TCC Corporate has significant experience of guiding organizations on managing risks, from review of infrastructure, applications, and systems, to providing guidance on how to set up an effective process for IT governance which can be quickly embedded in an existing organization risk management framework. TCC Corporate’s dedicated professionals provide our clients with a range of Technology advisory and audit services to contain risk, minimize downtimes, comply with complex government regulations and help the company run more efficiently. We value our client relationships and take pride in helping them tackle their biggest challenges – whether they’re expected or unexpected.

TCC Corporate provides following range of Technology services:

1. IT Strategy, Governance & Risk Management: Typically due to weak IT strategy, governance and risk management, there are several areas where weakness in the IT and Data environments can create systemic issues for a business. Our experienced professionals work with CIOs and IT executives through the IT lifecycle to define strategy, manage system architecture, and measure results to maximize value and enable enhanced business performance. ​We also assist the clients to modernize and transform their IT operations by defining responsibilities and support decision making and eliminate the chances of failure through introducing best practice frameworks for IT governance such as COBIT, and ensure the best alignment between business objectives and IT, which could be achieved through: understanding the organization culture and environment, identifying work processes, focusing on the automation opportunities, risks, obstacles and simplicity.
2. Business Continuity and Disaster Recovery: Our team can assist clients to set and develop the needed BCP and DR plans to recover/restore from critical and disruptive situations back to the typical operational functional environment. BCP and DR plans usually include workforce, operations, business processes, applications and infrastructure. We also assess company-wide business continuity and disaster recovery plans for critical systems, applications, infrastructure, facilities, people, and business processes.
3. Application Controls and Assurance: Application controls are those controls that pertain to the scope of individual processes or application systems in use. Application systems range from very small to Enterprise Resource Planning (ERP) systems. Our IT Auditors assess application controls which include: Inherent controls, Configurable controls, Security controls (Such as user access, segregation of duties controls), Reporting controls, Work flow controls and automated computations and Validation checks.
4. Segregation of Duties: In cases of complex, multi-system environments, ERP systems and maintenance of access rights and user roles can be a big challenge. This increases the likelihood and occurrence of inappropriate authorization settings thereby posing risks of inappropriate access and fraud. We help you design and implement access roles that minimize the associated risks while making continuous administration and maintenance effective and reliable.
5. IT Service Management: IT services continue to be outsourced/off-shored, located in the cloud or brought back in-house. IT organizations must constantly optimize their operations and respond quickly to their needs. The close interplay of IT management tasks supports the highly available, secure, high-performance and high-quality operation of the IT services and their continuous improvement - the professional provision and management of IT services. We can provide the Board with assurance over any transition plans or the gaps in the current IT service delivery model using ITIL or ISO/IEC 20000.
6. IT Infrastructure Management: TCC Corporate’s IT Audit team conducts a deep risk assessment and audit of an organization’s IT environment to determine where risks are. We help clients create systems and processes to keep organizations safe; from testing data back-up procedures to creating rigorous methods that will safeguard information when employees leave the company. This also includes a review over the IT General Controls (ITGCs), IT Asset management, access controls (physical and logical), and Service level management and Data centre environmental controls.

Cybersecurity Services

As a business grows, information sharing grows along with it – with vendors, contractors, partners, and customers. And every one of these digital relationships presents a new set of cyber risks. The need for security and the way in which it is implemented must be balanced, thoughtfully, in line with the needs of an organization to operate effectively, and to actively pursue its future goals. While it is impossible to eliminate all risks of cyber attacks, a well-designed program will minimize the negative impact on both short and long-term business goals.

TCC Corporate has a team of information and cyber security experts which, along with our investment in tools and methods, can help bring the latest insights to your business. TCC Corporate’s Cyber Security services offer a number of different solutions, from high level assessments to deeper intrusive assessment of the security configurations. Our team is comprised of seasoned professionals from a diverse range of backgrounds, including experienced IT, operations and data privacy consultants, as well as forensic technology professionals. We are built to provide comprehensive, customized services for each client, focusing on your specific operating model, technical demands, regulatory environment and industry dynamics. Whether it’s financial services, telecoms, oil & gas, government entity, insurance, healthcare, retail, hospitality, or any other industry – we understand your needs. TCC Corporate provides the following range of cybersecurity services:

Cyber Risk Assessment & Security Testing (VA/PT) - Using proven threat-modeling methodologies, we help to identify, classify and assess risks pertaining to information assets; evaluate potential impact and exposure, prioritizing risks against the costs of protection and implementing data breach prevention practices for effectively securing your sensitive information. We have also adopted an effective approach for our vulnerability assessment and penetration testing exercise using specialized tools comprising of planning, assessing and testing, documenting, reporting. This is geared towards effectively identifying potential exposures within your enterprise network (wired and wireless), information systems environment (applications, systems, and database), and public facing web applications to prevent the compromise of valuable Information assets and ensure security objectives are being met.

Information/Cybersecurity Compliance Services: There are a number of different security standards organizations which may be needed to adhere to - based on their industry or the data they hold. We have methodologies to help you meet the requirements of various standards, including ISO27001, ADSIC, NESA, DGISR and PCI DSS. Our tested and proven methodology and extensive experience ensure the effective and timely implementation and the eventual certification to the applicable standards. We follow a risk-based approach in ensuring that controls implemented are within the context of your organization’s strategy.

Cybersecurity Management Strategy & Program Design – We assist in the design and implementation of a comprehensive cybersecurity program aligned with an existing enterprise risk management framework. This includes strategy, organizational structure, governance, policies and procedures, training, and both internal and external communications. This encompasses access controls, data protection, security monitoring, data privacy, and the selection and implementation of security tools.

Security Improvement Planning, Awareness & Training: We understand the most efficient and effective way to manage the security threats. We can work with you to identify appropriate technology solutions, perform configuration baseline reviews, enhance security management processes, provide assurance over key 3rd party service providers and provide comprehensive security awareness training to Board and employees.

Security Incident Response Services: We assess how mature your incident response plans are including, use of specialized tools, methods to help contain the attack, communication strategy and recovery plans. If attacked and a security breach occurs, TCC Corporate’s experts can help you develop an immediate response plan to deal with the risk exposure you face.

Digital Forensics & Cyber Investigations - We provide rapid response to breach incidents or fraud, including identification of cause and implementation of remediation measures for affected areas, as well as expert testimony when needed.