What threats are we at risk from? And how well prepared are we if the worst happens?
These questions are increasingly being asked of businesses. IT leaders, internal audit teams and risk functions must manage growing expectations over the extent and quality of the assurances they can provide on mitigating and preparing for these risks.
Whatever your industry, you will have to meet specific compliance and regulatory requirements. Your obligations could be to your:
- board of directors;
- audit committee;
- industry regulator;
- customers;
- wider supply chain; and
- business partners.
Meeting the expectations and standards required by your many stakeholders can be challenging. We can help you understand these requirements and embed a controls culture with engagement at every level, from the board to control owners. We work with you to design, implement and evidence the ongoing effective operation of your IT and application controls. This includes:
- Sarbanes-Oxley (SOX) and UK SOX;
- Center for Internet Security (CIS 18);
- Control Objectives for Information and Related Technology (COBIT);
- National Institute of Standards and Technology (NIST);
- NIS (Network and Information Systems) Regulations;
- Information Security Management System (ISO 27001);
- Payment Card Industry Data Security Standard (PCI DSS); and
- Information Technology Infrastructure Library (ITIL).
On 18 March 2021, the UK Government (BEIS) published its long-awaited consultation on reforms aimed at ‘restoring trust in audit and corporate governance’. The consultation includes a proposal that the UK should adopt a strengthened internal controls regime (similar to US SOX) which requires directors to attest to the effectiveness of internal controls over financial reporting. If you’re a company with a significant public interest (a Public Interest Entity, or PIE), it’s time to start considering your IT controls in light of a potential UK SOX.
Could you benefit?
Designing, implementing, and evidencing the effective operation of robust controls is the foundation of a successful organisation.