IT Process Re-/design / Streamline
IT processes should be revisited from time to time to confirm that they are still aligned with the organisation's current, ever-changing environment. This is normally not done, given the utilisation level of the employees. Validating that the procedures are appropriate, aligning them with good market practice where needed, and ensuring that actual practice matches the documented procedure therefore helps management make sure that operations are under control.
Segregation of Duties
Segregation of duties is normally assessed for appropriateness during audits. If management is concerned about it, however, a full-blown audit is not necessary to assess whether conflicting roles and activities are properly segregated and whether that segregation is enforced by the systems and tools.
Information Security Control Design
If an organisation does not have proper procedures in place, or they are not performed consistently due to a lack of formalisation, the first step is to establish what the current flow of the processes is, so that it can be formalised and systematically enforced by the process owner. This always requires support from management.
Job Descriptions/Role Definitions
The activities in this service are closely interwoven with Segregation of Duties. The purpose is to ensure that all critical responsibilities are assigned to individuals/roles and that they are allocated so that conflicting ones are not combined.
Business Process Reviews
The reviews help establish whether the business process has proper controls in place to address the risks where things can go wrong. Process owners should aim for a good balance between manual business controls and IT controls (fully automated where possible, or IT-dependent ones such as error reporting) to ensure that the process does not break. A balance between preventive and detective controls is also important, so that the organisation learns early enough if something went wrong and can take corrective measures to fix a problem that has already occurred.
Technical Audits (Benchmark based)
Typically these audits use a published benchmarking framework, such as manufacturers' good configuration practices (such as those from Microsoft, Cisco, etc.), CIS (Center for Internet Security) benchmarks, and others. These frameworks serve as the basis for the compliance audits.
Assist Decision Taking
All the advisory activities listed above, as long as detailed analysis is performed, can assist management in taking decisions and choosing the best option for the business.
Every wrong decision can sidetrack IT operations, decrease efficiency and result in an inefficient use of resources. This will ultimately have an impact on how well IT can support the business operations and how costly those IT operations are.
Technical Specifications for Calls for Tenders
Given our wide-ranging IT process knowledge and audit experience, our company can, based on management's intentions, help your organisation define the technical and organisational requirements for your Call for Tenders, to ensure that the service to be rendered will meet your business needs.