Technology Due Diligence
During corporate transactions (mergers, acquisitions or other business combinations), it is customary to perform Due Diligence to validate the assumptions on which the business and commercial logic of the transaction is based. What is very often not addressed, adequately or at all, is the technology side of the equation.
Our Technology Due Diligence methodology is designed to focus on three areas, all of them encompassing crucial factors that may affect the success of the project in strategic, financial and/or operational terms. These are:
- Integration Challenges & Risks – where we focus on the business applications and systems of the target organization, as well as the state of their network and security infrastructure. We also consider the extent of manual processing within the target’s workflows and operational routines, as well as the key contractual and technological exposures to third-party vendors. Finally, we seek to identify risk concentrations relating to key personnel, so that such risks can be mitigated with appropriate actions.
- Technology Effectiveness – we seek to evaluate the digital maturity of the organization to assess the extent of necessary future investments, including software licensing irregularities. We also consider threats to the target’s business model from digitalisation and technological innovation and advancement, to evaluate the likelihood and extent of hidden risks and future costs.
- Cyber, Privacy & Business Continuity – the third pillar reflects a focus on even more “exotic” risks such as those from privacy; cyber attacks; inability to recover from man-made or natural disasters; and “novelty” risks as a result of cloud adoption or an ever-increasing expansion of mobility and remote access to data and systems.
Standards Implementation & Certification Support
These solutions comprise domain-specific deliverables in support of regulatory compliance or certification processes against ISO27001 for information security and ISO22301 for disaster recovery and business continuity.
These projects are designed to result in Management Systems which are compliant and can be certified to the international standards of ISO27001 and ISO22301 for information security and business continuity respectively. They comprise full consulting packages with the necessary deliverables to allow our customers to successfully achieve certification against their standards of interest. Such key deliverables include:
- management scope definition
- information security and business continuity policies
- asset analysis and categorization
- business impact analysis
- threat and vulnerability analysis
- risk assessment and control selection
- processes, procedures, standards and guidelines in support of desired controls
- project management of the implementation of new or improvement of existing controls
- support during the certification audit.
Banking Regulatory Reviews
With multi-year experience in banking, we have performed numerous projects designed to satisfy regulatory compliance objectives. Such projects include:
- reviewing the effectiveness of the framework for managing outsourced activities and Service Providers
- AML effectiveness reviews
- review of technology-dependent internal controls
- GDPR and privacy compliance reviews.
With regulation growing at an increasing pace, providing assurance or attestation services over such critical regulatory areas has proven invaluable for our customers in building confidence and trust with their regulator(s), shareholders and management.
IT Assurance Solutions
Whether you are seeking assurance over the technology choices you have already made, or you have concerns over the continued and future effectiveness of your technology ecosystem and business applications, our IT Assurance solutions are designed to help you benchmark your environment against industry peers as well as against accepted and best practices.
These are focused engagements designed to provide executives with independent views on the challenges they face regarding technology as well as opportunities that are available for improvement and reengineering.