Risk Advisory

One Team, One Goal- Innovation & Transformation

Practice Leader

Karan spearheads the TRICS division at SPC with more than 15 years experience in field of Technology, Risk & Integrity Consulting having extensive experience in implementation and consulting for ERP, CRM, HRIS,  ISMS, EPS, DMS & PMS. Combined with his expertise in Risk management, SOP development, Fraud risk framework and Anti-Money Laundering he, along with the dedicated Technology team provides end to end business strategy and technology implementation advisory to clients within SPC ecosystem.

SOC & SOX TESTING

SPNX Consulting has been working as an outsourcing partner of various CPA firms and has helped them meet their tough deadlines on numerous assignments. SPNX Consulting has been working actively in the field of SOC/SOX audit since last 3 years. SPNX Consulting has collaborated with various offshore audit and consultancy firms and is working as their outsourcing partner. We have helped our offshore partners in meeting their deadlines even in tough situations. We have summarized our experience in the charts below:

OUR EXPERIENCE IN VARIOUS TYPES OF AUDIT

Tools Used

OUR APPROACH

1
Schedule received from client
2
Allocation of resources internally
3
Testers/Associates perform the allocated task
4
Work performed by testers/ associates is reviewed by manager
5
Manager updates the tracker meant for offshore clients
6
Daily/Alternate day touch base calls with offshore team leads
7
Daily resolution of review comments if any received.

PROCESS STEPS

Planning
Information Gathering
Control Evaluation
Testing
Identifying Deviations Discrepancies
Reporting

INTERNAL AUDIT & PROCESS REVIEWS

OUR AUDIT PROCESS & PLANNING

The audit risk assessment and a continuous follow up process is critical to identifying and filtering the processes and flows that can perform to provide measurable benefit to the organization. audit can deliver increased risk coverage, cost savings and measurable value to the business by identifying and performing audits across the company’s value chain. In our role as the provider of audit services, we aim to:

DASHBOARD

INTERNAL AUDIT & PROCESS REVIEWS

In our role as the provider of internal audit services we deploy continually updated functional checklists, CAAT, Data analytics and Data-Rooms for managing and advising clients on key risk areas and revenue leakages and control lapses and assist in business processes optimization and data driven decision making quality and effectiveness of the control environment within the organization

At SPNX Consulting we perform -

ERP Centric (Paperless) + Data Driven (Min.Samples) + Risk & Controls Matrix + Functional Scorecard
based Internal Audit

INTERNAL AUDIT PLANNING APPROACH

Overview of the approach for risk-based internal audit planning and execution, taking into consideration the significant and material risks for the Enterprise A good plan is half the job done – and in order to derive value from Internal Audits, it is important that a value-based approach is adopted at the time of planning itself:

INTERNAL AUDIT EXECUTION APPROACH AND METHODOLOGY

Using a top-down, risk-based approach will address the expectations of the management while maintaining efficiency throughout the audit process and meeting the objective of evaluating the design & operating effectiveness of Internal Controls:

Understanding the Business
Evaluate Control Objectives
Evaluating “As Is” Controls
Data Analytics
Test of Controls
Reporting Improvement Opportunities

THIRD PARTY RISK MANAGEMENT

Outsourcing activities to third-parties provide advantages to an organization but these may also carry along various risks. Therefore, NBFCs are advised to conduct a self-assessment of their existing outsourcing arrangements. These agreements are to be brought in line with the Directions as mentioned in the Circular “RBI/2017-18/87 DNBR.PD.CC.No.090/03.10.001/2017-18” dated November 09, 2017.

To ensure sound and responsive risk management practices for effective oversight, due diligence and management of risks, Third-party Vendor risk management (TPVRM) shall be done which focuses on identifying and reducing risks relating to the use of third parties.

KEY RISKS ASSOCIATED WITH OUTSOURCING SERVICES TO THIRD-PARTIES

A SUCCESSFUL TPVRM PROGRAM ADDS VALUE TO THE ORGANIZATION AND INCLUDES BENEFITS SUCH AS:

APPROACH AND METHODOLOGY

An automated process is the fastest path to optimizing and maturing third-party risk management program.
Implementing an end-to-end TPRM program will:
> Minimize total cost of ownership       > Provide a fast time-to-value       > Deliver information to make the best risk-based decisions

THE SPNX Consulting VRM APPROACH

1. Understanding the procurement policy for vendors onboarding

2. Define objective and prepare plan

3. Gather information

4. Validation and Evaluation

5. TPVRM Report

IT AUDIT SUPPORT

Companies are highly dependent on Information Technology Infrastructure and need to build a fine balance implementing advanced IT solutions and mitigating the cyber risks at all levels to manage those risks. Our insights and experience gained through continuous involvements in IT governance projects and IT certification and attestation services enable us to assist you in project management of major IT changes, as we have seen that it is often of utmost importance to find and implement solutions for particular issues encountered in daily operations. especially concerning cybersecurity and data protection.

THREE LINES OF DEFENCE IN REFERENCE TO IT GOVERNANCE

IS AUDIT

IT ASSESSMENT & ASSURANCE - SERVICES

Application
Audit

EFFECTIVE APPLICATION CONTROLS

A complete review of  core applications and  delivery channels from  an application control  and security stand  point.

BCP/DR
Review

ADEQUACY OF BCP CONTROLS

Exhaustive audit of  data center, disaster  recovery center and  audit of business  continuity plans  benchmarking best  practices

Network/Cyber Security Audit

RESILIENT ENTERPRISE NETWORK

Security audit of  entire network  infrastructure  including  configuration audit of  various devices

Vendor
Audit

SECURE VENDOR OPERATIONS

Audit of information  systems, functional,  operational aspects of  outsourcing activities

Cloud Security
Audit

Security Architecture Assessment

Security Risk Assessment

Security Solution Assessment

Cloud Cost Assessment

LATEST INSIGHTS

Stay informed with industry-leading insights!

freepicdownloader.com-global-business-internet-network-connection-iot-internet-things-business-intelligence-concept-bus-large
pr-02
8298dd52b8
revenue-operations-concept-(1)