Organisations — whether private or public; whether listed, large or small — increasingly realise that information is their single most vital resource alongside their people, and that IT is a strategic asset and major contributor to their competitive edge and success. The protection and management of information are vital to an organisation’s success.

The third installment of the report on Corporate Governance in South Africa — known as King III — stipulates, for the first time in a national governance code, a principle to implement IT governance and recommends the adoption of frameworks such as CobiT, ITIL, etc. The value of governance relating to IT can also be attributed to today’s complex regulatory environment, often directly impacting IT. A focus on financial reporting has similarly achieved heightened understanding of the importance of IT-related controls: a governance framework for IT can enable complex compliance requirements to be achieved in a more efficient manner.

IT is the foundation of the networked economy that cuts through organisational silos and the geographic footprint, as well as providing new and innovative ways of creating value.  While most organisations recognise the use of IT as critical to their success, they are less cognisant that it needs to be governed properly.

We shall assist in defining the focus areas of the IT Steering Committee and its Terms of Reference. We shall also assist with IT Governance within your organisation, and the development of the IT Governance Framework.  IT Governance is a subset discipline of Corporate Governance focused on IT systems and operations, and their risk and performance management. The purpose of the IT governance framework is to:

  • Promote the alignment of IT with business objectives
  • Provide a method for measuring and managing performance against goals
  • Help mitigate risk, delivering value and improving control over delivery of information systems and
  • services
  • Assist in complying with external legislation and regulations
  • Facilitate effective communication between IT and the business.

The IT governance framework is built to address the following critical components for success:

  • IT Strategy Alignment to the Corporate Strategy
  • IT Value Governance
  • IT Risk Management
  • IT Resource Management
  • IT Performance, and
  • Protecting valuable information assets.

In summary, IT governance is:

  • An integral part of corporate governance
  • The responsibility of Board members and executives
  • A mechanism to deliver value, manage performance and mitigate risk
  • A method to assign accountability for decisions and performance
  • Policies, procedures, management committees, performance metrics, and related management techniques working in unison toward common business goals.

In addition, we provide a comprehensive array of IT controls assessments, data engineering and network robustness assessments, including:

  • IT Assurance Services
  • General Controls Reviews
  • Application Control Reviews
  • Risk Management Services

IT Management Consulting Services and Project Management

  • Data and Information Engineering Services
  • IT Security Services
  • Quality and Compliance Reviews
  • Creating a Data Privacy Programme

ORCA submits that managing data privacy in today’s rapidly changing and complex operating environment needs to be tackled proactively, requiring organisations to develop and implement comprehensive, holistic resources to assess and address the constantly evolving data protection landscape.

IT Services Catalogue  
General Controls ReviewsThe assurance, audit and evaluation of the underlying IT environment on which financial and reputational systems reside.
  • IT Governance Reviews
  • IT Risk Assessment
  • Service Management Reviews (Change control, problem and incident management, etc.)
  • IT Acquisition and implementation
  • Facilities Management
  • Service-level Contracts assessments and review
  • Business Continuity and Disaster Recovery Plan reviews
  • Operations and Operating Systems Management
  • Data and Database Management
  • Information and Access Security Management Review
  • Project Review
  • Network Assessment and Review
Application Controls ReviewsThe audit of the financial or reputational system(s)/applications that manage business data and information.
  • System Development Life Cycle (SDLC)
  • Business Solutions (ERP and Non ERP Applications)
  • Home-grown applications
  • Payroll
  • Performance Applications
  • Financial and Asset Accounting systems
  • CRM
  • Application reviews: pre-, post-, close-out and implementation reviews
Risk Management ServicesEvaluation and identification of an organisation’s risk appetite in relation to risk management practices and principles, to ensure actual risks do not exceed the Board’s risk appetite.
  • Policy and Procedures Evaluation
  • IT Risk Assessments
  • Risk Register Generation
  • IT Risk Methodology development and deployment
Data and Information Engineering ServicesThe extraction, manipulation and comparison of datacontained in databases and systems to determine its integrity, consistency, completeness or to identify exceptions that should be escalated to management.
  • Data Mining
  • CAATS (Computer Assisted Audit Techniques)
  • Data Forensics
  • Continuous Audit CAATS
  • Data verification and comparisons
  • Data migration management and verification
IT Security ServicesThe audit, evaluation and applicability of security protocols that manage logical security of systems that protect the businesses IT assets.
  • System Security Assessment
  • Database Security
  • Electronic Mail Security
  • Network and Firewall Assessment & Reviews
  • Attack, Discovery and Penetration Testing
Quality and Compliance ReviewsWe specialise in providing independent quality reviews of IT audits that have been performed by other IT auditors, and have a particular interest in the alongside.
  • Security Audit
  • General Controls Audit
  • Application Control Audit
  • Network and Firewall Audit
  • Attack and Penetration Testing
  • Performance Audit
  • Project Management Assessments