Disaster Recovery

Because information technology is now integrated in most businesses, a business continuity plan (BCP) cannot be complete without a corresponding disaster recovery plan (DRP). While a BCP encompasses everything needed – personnel, facilities, communications, processes and IT infrastructure – for a continuous delivery of products and services, a DRP is more focused on the IT aspects of the plan.

If you’re still not sure how big an impact loss of data can have, it’s time you pondered on the survival statistics of companies that incurred data losses after getting hit by a major disaster: 46% never recovered and 51% eventually folded after only two years.

Realising how damaging data loss can be to their entire business, most large enterprises allocate no less than 2% of their IT budget to disaster recovery planning. Those with more sensitive data apportion twice more than that.

A sound disaster recovery plan is hinged on the principles of business continuity. As such, our DRP (Disaster Recovery Plan) blueprints are aimed at getting your IT system up and running in no time. Here’s what we can do for you:

  • Since the number one turn-off against BCPs and DRPs are their price tags, we’ll make a thorough and realistic assessment of possible risks to determine what specific methods need to be applied to your organisation and make sure you don’t spend more than you should.
  • Provide an option for virtualisation to enjoy substantial savings on disaster recovery costs.
  • Provide various backup options and suggest schedules and practices most suitable for your daily transactions.
  • Offer data replication to help you achieve business continuity with the shortest allowable downtime.
  • Refer to your overall BCP to determine your organisation’s critical functions, services, and products as well as their respective priority rankings to know what corresponding IT processes need to be in place first.
  • Implement IT Security to your system to reduce the risks associated with malware and hackers.
  • Introduce best practices to make future disaster recovery efforts as seamless as possible.

We can also assist you with the following:

Check our similar posts

How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Outsourcing

Are you ready to outsource? Do you even need to outsource? We’ll help you answer those and other questions regarding outsourcing and your company.

Once we’ve determined that outsourcing will render your organisation more focused on your core competencies, more cost-effective, and more flexible, we’ll offer you the full spectrum of our services. Our specialists can assist you in every stage of the entire outsourcing life-cycle.

Starting from evaluating what can be outsourced, through finding the right outsourcing service provider, building the contract and agreements, getting everything in place, and managing the outsourcing relationship – we’ll be with you every step of the way.

Learn more about some of the outsourcing services we offer:

Outsourcing Contracts and Agreements

When an outsourcing project fails, both customer and service provider are quick to put the blame on the other party. But in most cases, the actual culprit was really just sitting there since day one – a poorly planned and implemented agreement.

We understand how costly and disruptive a failed outsourcing project can be for your business. That is why we put utmost attention to each contract and SLA (Service Level Agreement) that our customers enter into. This always reduces the likelihood of having unmet expectations, one of the major reasons why some outsourcing relationships fail.

We make sure that each agreement is fair, not only for our customers but also for the service providers themselves. Why? Because a disadvantaged provider will most likely end up delivering poor service as an offshoot of efforts to improve its profitability and ROI.

To accomplish this, we’ll thoroughly assess the infrastructure, resources, and expertise of your potential service provider to ensure they have the capability to meet your expectations. We’ll also make sure that their expectations are realistic and clear to you as well.

Here’s what you can expect from us when we start managing your outsourcing contracts and agreements:

  • A thorough assessment of your specific needs and the service provider’s profile to determine whether you have the right match before proceeding with any agreement.
  • Professional assistance when the time comes for you to discuss the scope of work, expected service levels, and when negotiating for appropriate pricing. We’ll also help you set up provisions for possible changes in the scope later on.
  • Expert counsel during drafting and finalisation of the contract and Service Level Agreements. Whenever applicable, we’ll help you propose penalties whenever service levels are not met and rewards when they are exceeded.
  • Regular reviews to determine whether everything agreed upon in the past, like pricing and service levels, are still realistic or competitive enough in view of current technological advancements and the prevailing social and economic environment.
  • Mediation expertise whenever the outsourcing project appears to be falling apart. We’ll work with you and the service provider to resolve conflicts and avoid the expensive exercise of having to terminate the contract. But if the best solution is to part ways, we’ll make sure you make an exit with the least disruption, missed opportunities and financial loss.

Application Outsourcing

I’m sure you’ve come to realise that to gain competitive advantage these days, you really need to invest in IT applications.

There are applications for enhancing your customer relationships, speeding up production, streamlining processes, advancing collaboration, protecting your systems from malware and many more. Selecting the right application, testing it, implementing it into your system, and then managing it can deviate resources which would have otherwise been used in other areas to build business value, increase profits, and enhance innovation.

Wouldn’t it be nice to unload yourself of the management processes which usually accompany IT applications? Actually, you can – through application outsourcing. Application outsourcing providers possess the expertise to either partially or fully assume responsibility of your IT applications.

Our job is to see to it that you link up with the provider who can best answer your needs. The overall proficiency of these providers spans both proprietary and opensource solutions, allowing them to cater to a wide range of preferences and budgetary limits. At the very least, they can provide professional support for well established applications.

If needed, they can develop applications for your organisation, taking charge of every step in the system development life-cycle: starting from system initiation, requirements analysis, through design, construction, acceptance and eventually to implementation.

Here are some of the benefits you can enjoy once we start managing your application outsourcing initiatives:

  • Freedom from time-consuming tasks such as installations, upgrades, configurations and repairs.
  • Reduced total cost of ownership (TCO).
  • 24/7 support from well-trained personnel. This can substantially cut downtimes caused by inexperienced troubleshooting.
  • The option to have your applications housed in more secure and reliable environments with much higher availability and much lower planned/unplanned downtimes.
  • Dedicated specialists who can focus on providing better regulatory compliance and risk mitigation initiatives.

Infrastructure Outsourcing

Keeping up with the competition nowadays usually requires technological advancements as well as the capability to manage and maintain the infrastructure that has to support them. These undertakings can suck your resources dry.

If you’re looking to reduce costs even while improving the performance of your networks, servers, databases, firewalls, desktops and mobile devices, you might want to consider IT infrastructure outsourcing among your top options. Infrastructure outsourcing service providers have the resources dedicated to a stable, secure, scalable and always available IT infrastructure.

Typical service provider facilities include data centrers equipped with high-speed networks, reliable power, dependable security, as well as provisions for upgrades, consolidation, disaster recovery, or even business continuity.

These providers employ specialists and staff who can manage and maintain all of these for you. While your provider juggles your core IT-related tasks, you can keep your eye on the ball and refocus on your company’s business goals.

Here are some of the benefits you can enjoy out of infrastructure outsourcing:

  • Freedom from time-consuming tasks such as installations, upgrades, configurations and repairs.
  • Since service providers, who are expected to have better horizontal and vertical scalability, will deal with the technological intricacies, your company’s strategic development initiatives can proceed unhampered.
  • Greatly reduced electricity expenses as a result of consolidation.
  • Easier, faster, cheaper, and more reliable disaster-recovery solutions through virtualisation.
  • Lesser risks of disruptions caused by power outages, cyber attacks, or Internet connection downtimes.

Business Process Outsourcing

With the sheer number of business processes your company has to attend to, it wouldn’t be surprising if you rarely have room to innovate.

Through business process outsourcing, we can free a considerable part of your financial and manpower resources which are currently focused on routine activities. With more resources to drive innovative initiatives, you’ll be able to accelerate production, improve customer service, enhance overall business value, and arrive at a stronger bottom line.

Some of the business processes that may be outsourced include data entry, finance and accounting, form processing, procurement, and HR, among others. If you’re interested in finding answers to the what, how, who, and where of BPO, specific to your organisation, we’ll be happy to enlighten you.

Here are some of the benefits you can enjoy once we start managing your BPO initiatives:

  • Professional guidance to ensure that your BPO undertakings will really result in substantial savings and significant improvements to your organisation’s business value.
  • Careful monitoring of service levels to ensure faster turnaround, accurate data, and high quality outputs.
  • Expert evaluation of information handling processes to guarantee full confidentiality.
  • Professional and unbiased management dedicated to establishing a strong, reliable, and fruitful relationship between you and your provider.
The Better Way of Applying Benford’s Law for Fraud Detection

Applying Benford’s Law on large collections of data is an effective way of detecting fraud. In this article, we?ll introduce you to Benford’s Law, talk about how auditors are employing it in fraud detection, and introduce you to a more effective way of integrating it into an IT solution.

Benford’s Law in a nutshell

Benford’s Law states that certain data sets – including certain accounting numbers – exhibit a non-uniform distribution of first digits. Simply put, if you gather all the first digits (e.g. 8 is the first digit of ?814 and 1 is the first digit of ?1768) of all the numbers that make up one of these data sets, the smallest digits will appear more frequently than the larger ones.

That is, according to Benford’s Law,

1 should comprise roughly 30.1% of all first digits;
2 should be 17.6%;
3 should be 12.5%;
4 should be 9.7%, and so on.

Notice that the 1s (ones) occur far more frequently than the rest. Those who are not familiar with Benford’s Law tend to assume that all digits should be distributed uniformly. So when fraudulent individuals tinker with accounting data, they may end up putting in more 9s or 8s than there actually should be.

Once an accounting data set is found to show a large deviation from this distribution, then auditors move in to make a closer inspection.

Benford’s Law spreadsheets and templates

Because Benford’s Law has been proven to be effective in discovering unnaturally-behaving data sets (such as those manipulated by fraudsters), many auditors have created simple software solutions that apply this law. Most of these solutions, owing to the fact that a large majority of accounting departments use spreadsheets, come in the form of spreadsheet templates.

You can easily find free downloadable spreadsheet templates that apply Benford’s Law as well as simple How-To articles that can help you to implement the law on your own existing spreadsheets. Just Google “Benford’s law template” or “Benford’s law spreadsheet”.

I suggest you try out some of them yourself to get a feel on how they work.

The problem with Benford’s Law when used on spreadsheets

There’s actually another reason why I wanted you to try those spreadsheet templates and How-To’s yourself. I wanted you to see how susceptible these solutions are to trivial errors. Whenever you work on these spreadsheet templates – or your own spreadsheets for that matter – when implementing Benford’s Law, you can commit mistakes when copy-pasting values, specifying ranges, entering formulas, and so on.

Furthermore, some of the data might be located in different spreadsheets, which can likewise by found in different departments and have to be emailed for consolidation. The departments who own this data will have to extract the needed data from their own spreadsheets, transfer them to another spreadsheet, and send them to the person in-charge of consolidation.

These activities can introduce errors as well. That’s why we think that, while Benford’s Law can be an effective tool for detecting fraud, spreadsheet-based working environments can taint the entire fraud detection process.

There?s actually a better IT solution where you can use Benford’s Law.

Why a server-based solution works better

In order to apply Benford’s Law more effectively, you need to use it in an environment that implements better controls than what spreadsheets can offer. What we propose is a server-based system.

In a server-based system, your data is placed in a secure database. People who want to input data or access existing data will have to go through access controls such as login procedures. These systems also have features that log access history so that you can trace who accessed which and when.

If Benford’s Law is integrated into such a system, there would be no need for any error-prone copy-pasting activities because all the data is stored in one place. Thus, fraud detection initiatives can be much faster and more reliable.

You can get more information on this site regarding the disadvantages of spreadsheets. We can also tell you more about the advantages of server application solutions.

Ready to work with Denizon?

Contact Us Today