Nowadays, Technology is becoming the most important, key driver of business transformation. Within a digital economy environment, to assist you in addressing business challenges and getting value from technology investments, we bring together the skills to plan and implement the digital transformation of your company in line with business strategic objectives and deliver improvements in processes, as well as the knowledge in IT risk management, CyberSecurity and specialization in IT Assurance. People rely on us to transform the way IT works for them, reducing costs, increasing efficiency and making it easier for their IT function to respond to the needs of the organisation.
A. IT Audit and Assurance
We support the external audit and provide added-value by conducting IT Audit procedures based on International Standards on Auditing (ISA). We can assist Organizations with the effective operation of second and third line of defense and provide assurance in accordance with international Standards and/ or in compliance with Regulatory Frameworks and requirements regarding IT.
We offer IT assurance services to help you assess internal controls, cybersecurity threats and IT application risks throughout your IT environment and across your third-party relationships.
1. IT Audit in External Audit - Financial Audit/ IT Integration
The execution of IT-related audit procedures in support of financial statement audits and reporting on internal control over financial reporting.
This service contains the execution of IT-related audit procedures (including IT-related procedures beyond ITGCs) in support of financial statement audits and reporting on internal control over financial reporting (Integrated and Non-Integrated audits). Our balance of experience and skills in IT and business processes supports our Assurance practice in delivering audits.
— IT General controls testing
— Application and IT dependent controls testing
— Electronic audit evidence testing
IRM in External Audit assist Audit teams in assessing controls risk and in dealing with complex technology topics in support of financial statement audits and integrated audits by focusing on Public Company Accounting Oversight Board (PCAOB), and related, standards and supporting an integrated audit approach.
2. IT Internal Audit
IT Internal Audit (either insourcing or Co/Outsourcing) incl. SOX and Compliance Testing.
Our IT Internal Audit professionals can help Organizations align their IT Internal Audit capabilities with the strategic and tactical objectives of their organizations – giving them the means to meet their current and future needs as they relate to governance, risk, and compliance over IT resources. The firm’s professionals do this by :
- leveraging strong industry, IT control and technology focus and experience;
- deploying leading methodologies and tools;
- applying objectivity;
- using a balanced approach to growth and risk;
- utilizing comprehensive global breadth and local knowledge; and
- calling upon deep understanding of relevant business, financial, and regulatory inter-dependencies.
In particular, we help companies perform internal control over financial reporting (ICFR) testing on behalf of management against relevant regulatory standards including SOX 404, J-SOX, and others. In addition to assisting companies with ICFR, we help management streamline and improve their internal control environment to save effort while obtaining optimal risk coverage.
3. GRC Technology and Controls integration
GRC Technology and Controls Integration refers to the technology enablement necessary to support Organizations’ GRC processes. This includes assistance with creating the ROI value proposition, selecting GRC software vendors, implementing the GRC software, and assessing the opportunities for broader GRC convergence through automation or services related controls and security integration for large business transformations including SAP or Oracle ERP systems.
— GRC Technology Enablement
— SAP Internal Controls Integration and Optimization
— Oracle Internal Controls Integration and Optimization
— GRC Analytics
— Project Risk Assessment and Management
4. IT Attestation
IT Attestation professionals assist service organizations who need assurance on customer facing systems in order to help satisfy the risk and compliance needs of their customers. They delivers assessments that can provide comfort to service organizations and their clients through seals and distributable reports such as SysTrust and ISAE 3402.
In particular, we provide the preparation towards assurance and confidence to external stakeholders — in line with applicable assurance standards like SOC1, SOC2, ISAE3402 and others. Our Service Organizations Control Reporting (SOCR) services are designed to help service organizations:
• Build trust and confidence for organizations that operate information systems and provide business process services supporting financial reporting in the delivery processes and controls through a report they can deliver to their clients and client's external auditors.
• To meet the needs of a broad range of users who require information and assurance about the controls that affect the security, privacy, confidentiality, availability, and processing integrity of the systems.
Also, providing an accredited attestation statement intended for the general public on the quality of an implemented management system in accordance with the respective ISO standard (like ISO27001, ISO20000 and ISO22301), or helping an organization prepare to obtain one.
— AICPA SSAE 18 (SOC1) / ISAE3402
— SOC 2 / SOC 3, SOC for Cybersecurity examinations
— Other Attestation (e.g. BoG GA 2577, Privacy Assurance for GDPR)
— Attestation Reporting Readiness Assessment
— Management system implementation or certification (under accreditation) in the area of Information Security (ISO27001), IT Service Management (ISO20000), Business Continuity Management (ISO22301) etc.
— Unaccredited certification against existing standards like Privacy Seal, Webtrust, CSA Star (Cloud), etc.
B. IT Advisory in RC
As a business grows, information sharing grows along with it – with vendors, contractors, partners, and clients. And every one of these digital relationships presents a new set of cyber vulnerabilities, information security and privacy riks.
1. CyberSecurity - Information Protection and Business Resilience
The need for security and the way in which it is implemented must be balanced, thoughtfully, against the needs of an organisation to operate effectively, and to actively pursue its future goals. While it is impossible to eliminate all risk of a cyber attack, a well-designed pro-active cyber security program will minimise the negative impact on both short- and long-term business goals. As the information security landscape continues to evolve, and cyber-attacks become increasingly sophisticated, Cyber Security has become significantly higher up on the agenda of Boards across the globe.
Our Cybersecurity practice is comprised of professionals from a diverse range of backgrounds, including experienced IT, operations, and data privacy consultants, as well as forensic technology, business advisory, and accounting practitioners. We are built to provide comprehensive, customised services for each client, focusing on your specific operating model, technical demands, regulatory environment, and industry dynamics. Whether it’s financial services, healthcare, retail, natural resources, or any other industry – we understand your needs.
Let us help your organisation, wherever you are, to mitigate the cyber risks you’re facing.
— Data Privacy and GDPR Compliance (Readiness assessment and preparation, DPO services)
— Security Strategy and Governance (Security Strategy, Capability and Gap Assessment, Data Governance, Business Resilience)
— Security Program Support (Managed Security Services, Vendor Selection / General RFP Development, Secondments, Asset-based Services etc.)
— Security Transformation and Integration (Identity and Access Management (IAM), Security Architecture, Security Automation, Large project support etc.)
— Cyber Defence (Technical assessments, Security Operations Center (SOC), Incident Response (IR) Development, Cyber analytics, Internet of Things (IoT))
— Business & Technology Resilience (incl. Disaster Recovery and Business Continuity planning)
2. Emerging Technology Risk
Organizations can achieve tangible benefits from emerging technologies such as mobility, social media and cloud computing. But in doing so, they must recognize and embrace the risks that can accompany these disruptive technologies. Our Emerging Technology Risk Services practice can help clients recognize and responsibly manage these risks. We do this by aligning our partners and professionals with unique technology skillsets and capabilities with industry leading methodologies and processes, enabling us to deliver services that our clients and their customers can trust.
— IT Risk Assessment and IT Risk Management
— Data Analytics and Management
— Cloud Governance and Compliance
— Mobile Governance/Connected Device and Enablement
C. IT Advisory in MC
Our IT Advisory team helps companies set IT strategy, make big decisions, and execute critical projects. With deep insight into IT systems and their impact on business, Crowe can help you leverage technology to create and protect the value of your investement.
1. CIO Advisory
We assist our clients to bridge the gaps between business units and the IT Department and unite them around a shared vision that powers the business by:
- Gaining value by IT investments
- Aligning IT Strategy to business strategy, goals and strategic priorities
- Assisting with Enterprise/Group IT Architecture, Technology and IT Processes standards in line with best practices and industry standards
- Managing stakeholders for strategic large-scale change
Providing innovation to drive business objectives
Specifically, our services include the following:
- IT Governance reviews, assessment and consultation
- IT Strategy and Operating Model
- IT Re-organization
- IT Cost & Value Management
- Technology Business Management and Performance
- Service Management and Service Integration
- Technology Infrastructure and Architecture
- Managed Services
2. IT Strategic Planning - Digital Strategy and Plan
We assist Organizations in realizing the strategic business opportunities driven by digital technologies and planning for their digital transformation accordingly.
3. Project and Program Management Office (PMO)
We serve interim roles with IT leadership in directing people and project work. We design an Agile approach to software development that best meets the needs of internal and external customers.
4. Digital Transformation Services – Implementation Reviews (ERP, Core Systems)
Specifically, our services include the following :
• Review and Assessment (Vendor Platforms: SAP ERP, Oracle, Microsoft etc.)
• Pre and post implementation reviews
• Design and Implementation (Vendor Platforms: SAP ERP, Oracle, Microsoft etc.)
• Managed Services (Vendor Platforms: SAP ERP, Oracle, Microsoft etc.)
5. Systems Selection
We uncover the best strategic and tactical fit and align them for successful implementation in your environment.
6. IT Due Diligence
Identify IT risks, costs and a set of prioritized IT projects for the buyer
7. M&A IT carve out & integration
We design the strategy and help execute the often complex and high impact elements of changing IT during M&A.
8. Data and Analytics
Using our BI Solutions, data visualization and integrated reporting dashboards, we can deliver agile, highly interactive reporting and analytics that help our clients to more effectively run their business. We also help our clients develop common and consistent metrics that drive collaboration across regions, business units and partners.
Director, Technology Services