Crowe Serbia IT Audit and Advisory

IT Audit and Advisory

We support our clients by providing services that help them navigate through the digital complexity to make better, faster and more confident decisions.

IT advisory helps you achieve your established business strategy goals.

The Future is Now — A Concept by Crowe

Today’s businesses face ongoing challenges in managing both emerging and persistent risks, all while striving to grow revenue and control costs. To help you stay focused on what matters most—running and growing your business—the Crowe IT Audit & Advisory team is here to assess every IT-related aspect of your operations. We’ll support you in implementing changes that align with legislative requirements, industry standards, and best practices.

Enhance Process Optimization

One of the most common barriers to increased profitability is poor process performance. Inefficient workflows waste time and scatter resources. Crowe’s IT Audit and Advisory experts will work with you to optimize these processes, helping you unlock the full potential of your existing resources through a thorough evaluation and targeted recommendations for improvement.

Our Services
ISO 27001 Audit

The ISO 27001 Audit service provides an independent and comprehensive assessment of your organization’s Information Security Management System (ISMS). The audit evaluates the effectiveness of implemented controls, processes, and policies in accordance with the ISO/IEC 27001 standard, ensuring that information assets are adequately protected against risks and vulnerabilities.

Our approach includes a detailed review of your information security framework — from risk assessment and treatment plans to incident management, access control, and business continuity practices. We identify gaps, nonconformities, and opportunities for improvement, helping your organization strengthen compliance and resilience.

Whether you are preparing for certification, maintaining ongoing compliance, or seeking an independent review of your ISMS, our audit provides clear, actionable insights that support continuous improvement and assurance of information security.

SOC 2 Type 1 and Type 2 reporting

SOC 2 (System and Organization Controls) reporting provides assurance on how your organization manages data to protect the interests and privacy of clients. These reports are based on the Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy — and are an essential component of demonstrating robust internal controls and risk management practices.

A SOC 2 Type 1 report evaluates the design and implementation of your organization’s controls at a specific point in time, providing stakeholders with confidence that appropriate measures are in place.

A SOC 2 Type 2 report goes a step further, assessing the operating effectiveness of those controls over a defined period. This offers deeper assurance that your systems consistently perform as intended and maintain compliance over time.

Our experts assist organizations through every stage of the SOC 2 process — from readiness assessments and gap analyses to audit support and report preparation — ensuring that your controls align with the standard’s requirements and effectively build client trust.

PSD2 Audit

The PSD2 (Payment Services Directive 2) Audit provides an independent assessment of your organization’s compliance with the requirements set by the European Banking Authority (EBA) and local regulatory authorities. The audit focuses on evaluating the effectiveness of governance, security, and operational controls implemented to ensure the protection of payment service users and the integrity of financial transactions.

Our review covers key areas such as strong customer authentication (SCA), secure communication standards (API and data protection), incident management, risk assessment processes, and operational resilience. The objective is to confirm that your institution’s systems and procedures meet the PSD2 regulatory framework and industry best practices.

Through our PSD2 audit services, we help payment institutions, electronic money institutions, and banks identify compliance gaps, mitigate risks, and strengthen their control environment. Our findings and recommendations provide valuable insights for enhancing security, ensuring regulatory compliance, and maintaining trust in digital payment services.

DORA Audit

The DORA (Digital Operational Resilience Act) Audit provides a comprehensive assessment of an organization’s operational resilience framework in line with the European Union’s regulatory requirements for financial entities. The audit evaluates the effectiveness of your digital operational risk management, including information and communication technology (ICT) systems, cybersecurity measures, and incident response capabilities.

Key focus areas include ICT risk management, cyber resilience, business continuity planning, third-party ICT service provider management, and reporting and monitoring of ICT-related incidents. The audit identifies gaps, weaknesses, and opportunities to strengthen operational resilience, ensuring your organization can prevent, respond to, and recover from ICT disruptions.

Our DORA audit services provide actionable insights and recommendations to help financial institutions, payment service providers, and other regulated entities achieve compliance, enhance security, and maintain trust with clients and regulators.

SWIFT CSP

SWIFT’s Customer Security Programme (CSP) helps financial institutions ensure that their defences against cyberattacks are up to date and effective, in order to protect the integrity of the wider financial network. Since 2021, an independent assessment has been an annual mandatory requirement for all SWIFT users.

At Crowe, we understand the importance and complexity of cyber threats and information security in the financial sector. We offer a number of services that can assist with the implementation of the SWIFT Customer Security Controls Framework (CSCF). These range from integrating the CSCF controls into your existing risk, governance and IT processes, to performing gap assessments, through to the technical transformation of key systems, security and network controls.

Microsoft SSPA

Strong privacy and security practices are essential in today’s information-based economy, and such practices are required by law. The Supplier Security and Privacy Assurance (SSPA) program is Microsoft’s corporate program through which it communicates its requirements for secure data processing to its suppliers, in the form of the Microsoft Supplier Data Protection Requirements (DPR).

Crowe Serbia has the qualifications required by the Microsoft SSPA guide in terms of expertise, technical training and subject knowledge to adequately assess compliance. We act as an independent assessor and can assist you in fulfilling the annual requirements of the SSPA program by:

  • Completing an independent assessment against the DPR;
  • Issuing SOC 2 (Type 1 and Type 2) reports;
  • Issuing a management letter listing the discrepancies detected and advice on how to resolve them.

IT audit services and regulatory compliance

We perform IT audit services together with reviews of regulatory compliance, including reporting under the Law on Information Security, GDPR gap assessments and related reporting.

The IT Audit Department works on identifying and eliminating deficiencies in the organization, functioning and management of information systems, as well as resource optimization.

Our approach in conducting the implementation review is designed to improve security, functionality and efficiency.

We help companies in achieving their goals by focusing on IT processes, people, technology, reporting, organization, data and documentation.

Our services include, but are not limited to:

  • Internal and external audit of information systems
  • IT due diligence
  • IT risk management
  • Vulnerability assessment of the information system
  • Assistance with compliance with IT regulations
  • Software Asset Management (SAM) and licence review
  • Reduction of IT costs, which represent a significant part of an organization’s total costs
  • Testing of disaster recovery procedures

We offer expert services that help you overcome these challenges and fulfil your entire audit plan by taking care of the IT audit part:

  • Preparing the annual IT audit plan
  • Performing the individual IT audits
  • IT Audit report writing
  • Follow-up on IT audit findings

The services we provide in the audit of IT projects and information technology systems help clients realise the full value of their strategic technology initiatives and increase satisfaction with the IT solutions they have put in place, through effective risk management.

Governance and Cyber Risk

Cyber Security Services and Products

  • Cyber security audit
  • FFIEC cyber security assessment
  • Penetration testing
  • ISMS methodology implementation
  • Implementation of cyber security technical solutions

Regulatory Compliance

  • Information security law compliance report creation
  • Business continuity assessment and process implementation
  • GDPR gap review and compliance audit
  • SSPA assessment for Microsoft suppliers

Business continuity management

Business Continuity and Disaster Recovery process implementation and review:

  • Business impact assessments and advisory services focused on evaluating key business processes.
  • Assessment of governance processes aimed at identifying potential threats to the company, minimizing their impact on business operations, and establishing a framework for building organizational resilience with the capability for effective operational recovery.
  • An appraisal of the adequacy of backup strategies, disaster recovery activities, and related testing is also performed.

Governance and organization of IT functions

Overall assessment of the organization's IT department and its divisions, including an analysis of the quality of design and implementation of key IT processes and of how IT managers monitor them. The assessment covers the following key governance areas:

  • Planning and budgeting of the department’s activities.
  • Procurement of IT resources and assets.
  • Staff management.
  • Quality of reporting to the institution’s management.

Advisory services in establishing any processes that are missing.

Incident and problem management

  • Implementation and evaluation of the incident management process, including recovery of services and functionality after downtime, minimization of the impact on the core business, and design of preventive measures.
  • Advisory services covering the discovery and treatment of problems based on the assessment of incidents.

Information security

  • Implementation of an ISO/IEC 27001-based ISMS methodology and development of policies.
  • Examination of the adequacy, scaled to the particular company’s needs, and quality of an Information Security Management System in all of its forms (physical, technical and organizational security).
  • Advisory and verification of the process approach to information security.
  • Implementation and review of the information security risk assessment process.
IT project management

Comprehensive appraisal of how IT-related projects are initiated, planned, executed, monitored, and closed, with a focus on ensuring alignment with business objectives and industry best practices. The service includes an assessment of the overall quality of portfolio management and a detailed review of IT project implementation processes, governance structures, and performance outcomes.

In addition, support is provided through IT project management services and the implementation of standardized processes designed to enhance efficiency, transparency, and project success rates across the organization.

IT risk management

  • Advisory services in IT risk management, covering IT risk assessments and the risk self-assessment process.
  • Insight into how IT-related risks are identified, estimated, evaluated and treated, both periodically and operationally as well as during the execution of IT projects.
  • Advice on how the risk event database is maintained and populated.

Work with us
We provide the expertise you need to grow, control, defend, and, if necessary, restructure your assets.

Contact us today.

Milan Stevovic
Director / IT Advisory and Audit, Crowe RS Advisory d.o.o.