Firewalls

There are two main reasons why some companies are hesitant to plug into the Internet.

  1. They know they’ll be exposing their company data to outside attacks from malicious individuals and malware.
  2. They fear their employees might get too many distractions: games, porn, chats, videos, and even social networking sites.

One vital component for your overall security strategy against such concerns? A firewall.

A firewall can block unauthorised access to certain Internet services from inside your organisation as well as prevent unauthenticated access from the outside. It is also used to monitor users’ activities while they were online.

In an enterprise setting, one may expect a collection of firewalls either for providing layered protection or segmenting off different units in the organisation. Some areas only need a standard line of defence while others require more restrictions. As such, certain firewalls may have different configurations compared to others.

Naturally, the more intricate an organisation’s defence requirements get, the more complex the task of monitoring, testing and configuring the firewalls becomes. That’s why we’re here to help.

  • We’ll evaluate your network as well as the security requirements of each department under your organisation to determine which firewall architecture is most suitable.
  • To achieve maximum efficiency, we’ll point out where each firewall should be positioned.
  • We’ll work with your key personnel to make sure all firewall configurations are set and optimised with your business rules in mind.
  • If a large number of firewalls are required, we’ll help you set up a firewall configuration management system.
  • Firewalls should be regularly tested and assessed to ensure they are in line with the organisation’s security policies. We’ll perform these routine tasks as well.

Firewalls aren’t very good at defending against sophisticated viruses. There are much better solutions for malware-related vulnerabilities, and we can help you in that regard too.

Other defences we’re capable of putting up include:

Check our similar posts

Project Management

In a cutthroat market, where the competition is constantly on the attack to break into your market share, implementing a project-based system can give your organisation the necessary tools to be more efficient and agile.

However, rapidly changing consumer demands, technologies and other factors make it ever more difficult to generate a strategic advantage from projects, let alone develop one. Also since a large organisation can easily end up having to manage multiple projects at the same time, the new management paradigm can appear too complex.

What your company really needs is the expertise that can guide you starting from conception and planning, down through procurement and execution in order to maximise whatever resources you have. Each move must be well thought out so that there are clear goals and objectives as well as methods to achieve them.

Programme Management

Are you running multiple projects pointing to an overall strategic direction? Then you’ll need more than just a “scaled-up” version of project management to make sure every component’s work effort is well coordinated to achieve your enterprise’s desired outcomes.

Through our expertise in programme management, we’ll work with your stakeholders, executives and clients to achieve the following:

  • Design a well-articulated management structure and clearly define decision-making roles & responsibilities – This will ensure decisions are made rapidly with zero to minimal overlapping issues and to promote a unified, well-synchronised advance towards the common objective.
  • Set objectives then make sure they are met by guiding your key personnel in coordinating activities across projects.
  • Design or utilise existing financial models such that they adhere to your enterprise’s financial policies.
  • Develop procedures for reporting expenditures specific to the programme.
  • Establish the programme infrastructure, including
    • The appropriate technical environment and tools (e.g. hardware, software, communication, and other IT-related items)
    • IT staff and administrators
  • Evaluate your enterprise’s current IT architecture to determine whether it will suffice to achieve your objectives. If it doesn’t, propose options you can take to meet what is required.
  • Plan out activities that should take place in different levels in the organisation.
  • Implement a periodic review of the programme progress as well as of interim results to ensure everything is aligned with the strategic outcome.

Programme and Project Reviews

Whether we’ve helped you set up your programme or you did it on your own, time will come when you’ll need to know whether everything is going as planned. If it appears like the entire programme is going smoothly, chances are, something’s going awfully wrong somewhere. Remember, even the most well-planned projects and programmes are still under the mercy of unforeseen variables.

We’ve got highly specialised reviews for either projects or an entire programme. We’ll be able to provide you answers to questions like:

  • Are all projects aligned with the programme’s intended direction?
  • Are the people working on your projects as focused with the business rationale as they have been with meeting deadlines and utilising resources?
  • Where are your risks and exposures? How can they be remedied?
  • Is the project viable at all?

We understand how your staff would want to function normally as quickly as possible. Rest assured, our programme and project reviews are conducted swiftly and efficiently so that both interruptions and oversights are brought to a minimum.

After we’re done, you can expect a detailed quantitative assessment of your programme and/or projects’ status.

Basically, we’re not here to find mistakes; we’re here to help you find ways to correct them. If a project rescue is required, we’ll be the first to lend a hand.

Project Rescue

Believe it or not, many of our clients approached us not before or during their project’s planning stages. But rather, after having gone through sloppy execution, when they end up losing control. In other words, we’re usually at the receiving end of the distress signal, after they’ve punched the panic button.

While obviously this isn’t the ideal time to seek the aid of any expert because it means you’ve incurred unnecessary losses already, all is not yet lost. If the appropriate remedial actions are taken in a timely manner, you can still achieve highly acceptable end results.

In fact, in most of our experiences with project rescue operations, we’ve been able to put projects back on track – just the way the planners wanted them to be. We’ll also help you devise airtight strategies to prevent your project from going astray again.

At the end of our project rescue,

  • You’ll regain complete control
  • Milestones will be reached as planned
  • Requirements will be accomplished, and
  • The project will be realigned with ideal business directions

Project Governance Processes

Constructing a firm underlying structure is essential in any organisation. So before we’ll institute project management, we’ll do the following first.

  • Set up a PMO or Project Management Office to ensure, among others, that
    • Utilisation of facilities, budgets, technical support and other resources will be well coordinated
    • Work products can be tracked and reviewed
    • Issues regarding methodology and processes will be given appropriate attention
    • Training can be organised
    • Project management discipline be instilled in the IT department
  • Establish a steering committee to oversee the implementation of IT and business strategies
  • Fill up slots for a project manager, IT executive and a business sponsor and define the roles of each
  • Infuse project management practices to all affected units of the enterprise

Establishing PMOs, steering committees and other management structures is the easy part. Many organisations spend so much in order to create the structures related to project management, only to find out later that the effort has been all for naught. That’s why we won’t end there. Our objectives will therefore include the following:

  • To plant and cultivate an environment appreciative of project governance i.e. one that does not project it as just a bunch of bureaucratic processes and protocols.
  • To establish an organisational culture that starts at the top.
  • To make everyone involved understand that the power of project governance still lies in the hands of those who will ultimately implement it.

A project-driven enterprise is never propelled by a single project. Since multiple projects require a more complex governing structure, you’ll need to understand the intricacies of programme management.

How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

How to carry out an Operational Review

A mobile workforce management software is key to managing an efficient field workforce.? Managing a staff of people can be tricky in any industry. Try keeping track of employees on shifting jobsites, many whom are paid hourly or temporary workers. The added pressure of ensuring the right workers get to the right sites at the right times, but they also need to track hours, parts used, vehicles and equipment assets.

In a previous post, we defined what is an operational review and why they play a key process in the continual evolution of successful businesses.?

Operational reviews allow the organization members to evaluate their performance, according to the procedures, resources properly, timescales and budgets.

Denizon – Operational Reviews Defined

Tweet

In this post, we’ll take a closer look at how to implement an operational review and the steps typically undertaken to help you and your organisation to implement an operational review.

What the steps in a Operational Review Process

There are typically six steps in an operational review that range from preparatory work conducting interviews and collecting documents to the presentation of the final written report.

An audit should be customized to meet a organisatons specific needs, so standard steps can and should only serve as a guideline.? Management and internal and external auditors should adjust the process to address the company’s particular goals and objectives.

Initial Management Meeting

Understanding the problem is the first crucial step of an operational review. This is one of major areas of discussions when the audit team meets with the management, and department heads will be asked to identify any specific areas of concern. Once the problem is identified, it would be easier to come up with workable solutions.

Conduct Interviews

The next step in the evaluation is carried out with experienced teams doing interviews and keeping close observation. Each team essentially watches how employees carry out their responsibilities. This is considered a key part of the process.

When doing the interview, it is also vital that the observing team gains the employees? trust and confidence. Likewise, the staff must be assured that whatever transpires between the team and the employee will be kept confidential. Management must therefore guarantee anonymity to anyone who offers critical information, lest employees withhold vital information and render the data gathered inaccurate.

Systems Review

Employees and management practices will be reviewed by the assessing team according to the standard policies and guidelines of the company. The effectiveness of the controls in place as well as their appropriateness to the current operating conditions will also be evaluated.

Reporting

A documentation of the data gathered and the assessment of the evaluating team, will be submitted to the management after the review process. Flow charts and written narratives of departmental activities are usually part of this report. This is also where observations and recommendations of the team will be presented to the department heads concerned.

Review Results

While the operational review is being conducted, it is important to take into account the vital factors that affect the company: the people, processes, procedures, and strategies. These four factors can determine the company?s progress in the future.

Key Areas of focus in operation reviews

At a minimum an operational review should include the following key ares of assessment

Management Control

Responsibilities, authority, and the scope in which an employee has the freedom to act must be clearly defined and documented. A complete and specific job description for instance, would give the employee a clear perspective on how he acts and functions within the company.

Boundaries should be set not only to benefit the employer but more so the employee as well.

Moral and Ethical Guidelines

Moral and ethical guidelines are just as important to ensure for a smoother employer?employee relationship. Otherwise, personal issues such as work ethics, work attitude and personal values may post problems in the long run if such guidelines are not drawn properly before relationships are established.

Processes and procedures

Evaluating processes is only beneficial if the company itself updates its processes and procedural manuals regularly, or at least when needed. Such protocols may need revision and some steps may be obsolete already. Improving a company?s processes and procedures doesn’t always entail cost. In fact, improvised procedures may even be cost-effective and could make the processes more manageable.

Communication and reporting standards

Gaps in communication could result in serious lapses in internal controls, putting the company and/or its assets at risk. This is where the importance of timely and clear communication comes in. Likewise, reports must be useful, and the flow of information and how it is processed must keep pace with the company?s growth.

Information technology (IT) and security controls can also be included under the communication clause. Proper IT security policies must be in place, state-of-the-art protection techniques employed, and everything be documented, periodically updated, and continually monitored.

Strategic planning and tactics

No company can ever be complete without its strategies. It would unwise for any organization to proceed without first knowing where it stands and what direction it wants to take. Strategic planning draws such a map. It must be aligned to the mission and vision of the company, and should also coincide with the organizational goals set. Strategic planning deals with these three key questions:

  • What do we do now
  • Whom do we do it for?
  • How can we overcome competition

Without clear strategic direction, expectations would likely differ between ownership and management.

Contingency planning, testing and recovery

Contingency plans must be up-to-date, and are essential to the organization. If one course of action fails, the company should have plan B, C and so on. In addition, an organization should be prepared to respond to interference’s.

This includes establishing a formal process to review transactions processing during both disruption and recovery.

Presentation of Report

Based on your objectives and our findings, we will develop detailed recommendations to improve your company?s performance and productivity. Our written report will include a list of both short-term and long-term projected improvements and courses of action, to be mutually agreed upon by both parties.

To ensure the achievement of the improvements we outlined, our team will also assist in the implementation of these modifications.

The plan has three levels of recommendations: one for executives, another for management, and a third one for staff.

The executive summary concentrates on your company?s strengths, weaknesses, opportunities and threats to its entirety. It includes recommendations for any needed changes in policy or governance.

The management plan is based on employee feedback and includes areas of immediate improvement as well as identification of potential problem areas. Concerns from the bottom level management can now be forwarded to the top level management in formal writing. Better working relationships may evolve from this, thereby setting the work environment for a higher productivity ratio.

Lastly, the staff report deals with topics like charting the hierarchy of the organization, and discussing in detail specific control objectives that are critical to the company?s mission. Part of our goal is to encourage personnel to pay close attentions to such changes, if any, as these efforts are essential if they want to bring about both organizational and personal success.

If you would like to further discuss how our operational review services can benefit your company, please feel free to contact us at your convenience to schedule an initial consultation. We?ll be more than happy to assist you.

More Operational Review Blogs


Carrying out an Operational Review


Operational Reviews


Operational Efficiency Initiatives


Operational Review Defined

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?