Services
Core Services
Risk Advisory
With regulators, investors, and independent directors focusing on the importance of corporate governance, organizations need to streamline and fine-tune their processes and controls. Leadership teams are repeatedly turning to their internal auditors for additional assurance on the robustness of the systems as well as for risk mitigation controls. Fintrek's Risk Advisory Services Practice works with clients proactively to manage risk through the creation of sound internal controls.
Cyber & Technology
Cyber Security Assessments analyze the maturity of an organization's information security program and identify gaps, weaknesses, and opportunities for improvement. Get cybersecurity services and identify security risks to your business.
Business and technology are converging rapidly. With technology becoming the business of every company, understanding Information Technology (IT) risk is becoming more important. The ability to understand these risks and bridge the knowledge gap that often exists between business and IT is the core strength of Fintrek.
Resilience & Crisis
More than 20% of businesses never recovered from a disaster because they were never prepared and had no resilience program in place. We can develop and implement a Business Continuity Management System in line with leading standards and regulatory requirements.
Risk Advisory
Our risk practice is a combination of process, IT security and risk management. We provide a one-stop solution to our multiple clients on their risk and process needs. The team has an array of experts possessing industry-specific expertise.
Risk Management
We can implement an end-to-end Risk Management function. Below are the key deliverables that we provide to our clients:
- Risk Management Framework.
- Risk Management Policy.
- Risk Management Strategy.
- Risk Registers.
- Board Risk Committee Charter.
Development of Policies & Procedures (Operational, IT and Financial)
We can develop Policies and Procedures (Operational, IT and Financial) in line with leading standards and IFRS.
For IT & Cyber Security Policies / Procedures, please refer below.
GRC Function - Gap Analysis
We can conduct a detailed gap analysis of the Governance, Risk & Compliance function. A detailed gap analysis report is provided.
Information Security Framework Assessment / Implementation
Fintrek can assist clients in assessing and implementing controls as per leading Information Security Standards such as ISO 27000, NIST, National Cyber Security Authority, PCI DSS, etc.
This includes Regulatory Compliance implementation.
Vulnerability Assessment
Constant application updates and changes to application and system configurations can introduce vulnerabilities and leave an organization susceptible to an attack, even if security controls are kept up to date. In order to secure the data and availability of services, organizations must continuously scan systems and devices to detect vulnerabilities as they arise.
Our cyber security assessment services will provide a comprehensive risk, threat and vulnerability assessment to ensure the security of your organization. Our multidisciplinary approach looks at security from every angle to mitigate risks, from data, the physical environment and the human element to the role of technology.
Penetration Testing
We provide a deep security assessment of external and internal network infrastructure and applications, servers and client devices.
Our consultants then exploit identified vulnerabilities and demonstrate the impact of those vulnerabilities in terms of successful attack scenarios.
Black Box
Black Box assessment technique simulates real-life situations where information assets are tested for vulnerabilities and subversions using the most basic sets of information available. This ‘Hacker’ approach examines what vulnerabilities the clients' systems have to casual observers, Internet users, unprivileged internal assets, etc. The client provides us a target and we tell them what the bad guys can do with it.
Grey Box
Grey Box assessment technique is a step above the Black Box methodology, as scanning is done not with minimal knowledge but with as much knowledge about the systems as the customer is willing to share. This allows our engineers to gain a solid understanding of underlying technologies, system structures, and, if applicable, basic system accounts to test for complex exploitation techniques such as lateral movements or privilege escalations.
We can conduct both Internal and External Network Penetration Testing.
Web-Application Security Assessment
We can conduct controlled testing of web applications from an unauthenticated user’s perspective, with the primary objective of identifying potential vulnerabilities present in the applications and associated infrastructure.
1) Information gathering
2) Threat Modeling
3) Vulnerability Analysis
4) Exploitation & Post Exploitation
We will attempt to identify inherent weaknesses in the design and implementation of security controls of the applications.
We will evaluate the applications in order to find exposures within the following areas:
-Unsecured application configuration settings
-Access control weaknesses
-Back-end database access
-Application or Web server and database error messages
-Legacy code
-Developer comments
-Open Web Application Security Project (OWASP) TOP 10
Technology Risk Services
IT Policies & Procedures
We can develop an understanding of the current IT processes and services handled by IT and develop policies and procedures for the processes identified as gaps. The deliverables are in line with leading standards such as COBIT, ITIL, ISO 20000, etc.
IT Applications Control Review
Designing and implementing configured controls within an application may help the efficiency of audit reviews and assist in eliminating control deficiencies due to manual intervention. We can test the automated controls to provide assurance that these controls are designed and operating effectively to ensure the privacy and security of data transmitted within and between applications.
Key Expertise:
- Oracle EBS, Fusion & NetSuite
- SAP ERP & S/4HANA
- MS Dynamics
IT General Controls / Operations Audit
We can conduct an IT General Controls / Operations audit. The review typically covers the following areas:
-User Administration (Starters, Movers and Leavers)
-Change Management
-Audit trail mechanism
-Capacity, Memory and Usage Management
-IT Disaster Recovery Management
-Data Back-up and Recovery Process
-Protection against virus and malware
-Patch Management
-Physical and Environmental Controls
-Information Security Controls (configuration management around password and account lockout)
-IT Incident Management
IT Governance Review / COBIT Assessment
We will bring best of breed professionals in the field of IT Governance, having sound knowledge and proven experience in implementing ISO 38500, ISO 27001 standards and COBIT 5 framework to perform the following:
- Assess the level of alignment between the IT efforts and corporate objectives;
- Help the client in developing an effective IT Governance program to maximize the business value.
IT Project Assurance
Our Project Assurance services provide the independent ‘critical friend’ challenge and insight our clients require. Our methodology focuses on all the layers that provide the key foundations for every project. We can tailor our approach for operations or internal audit.
IT Vendor Management Audit
We can implement an IT vendor management program for our clients. The objectives of this type of audit are to evaluate whether the IT department has established risk-based policies for governing the outsourcing process, review and assess controls of the vendor selection process and service-provider contract process, assess the due diligence process of the provider, and check the service contracts and service-provider relationships. This includes Cloud Service Providers.
Resilience Services
Business continuity is concerned with the capability of an organization to plan for, and respond to, incidents and business disruptions in order to continue business operations at an acceptable predefined level.
These incidents can be a situation that might be, or could lead to, a business disruption, loss, emergency or crisis.
Business Continuity Management System Gap Assessment
We can provide a gap assessment of the Business Continuity Management System based on the resilience risk appetite of the organization and/or ISO 22301.
Business Continuity & IT Disaster Recovery Plans
Fintrek can conduct a Business Impact Analysis and Threat Risk Assessment to propose Business Continuity Strategies.
We can then develop a Business Continuity Plan for the respective departments. We can develop an IT Disaster Recovery (DR) Plan in line with the BCM strategies agreed with the Executives.
Crisis Management
We develop a robust Incident Management Framework and effective Crisis Management Plans with effective strategies for Executives.
We can also assist our clients in testing these plans.
Why Fintrek?
- Our Familiarity – we have been extensively engaged by clients both locally and globally for providing consultancy services. Our team has acquired extensive experience and provided significant thought leadership addressing potential compliance related to leading standards and developing the most appropriate action plans to mitigate the risks.
- Our Responsiveness – we treat each of our clients with due care and we are always available to assist the client in a short space of time.
- Our Approach – we have developed our approach based on our extensive experience in the areas stated above. In addition, we are committed to providing you with our highest level of service.
- Our Experience – we partner with our clients to deliver customized solutions that resolve their most significant issues and create lasting competitive advantage. Utilizing decades of industry experience and functional expertise, staff at Fintrek look beyond standard solutions to develop new insights, mobilize organizations, drive tangible results, and make organizations more capable.
- Our Engagement Team – members of our team have prior experience with several other organizations (as part of big-4 consulting firms and other blue-chip organizations) and have certifications such as FCA, FCCA, ACMA, CISA, CISM, CCNA, CVA, OSCP, ISO 27000 Certified ISMS Lead Implementer, ISO 22301 Certified BCMS Lead Implementer, etc.
- Our Professional Fees – by assigning individuals with extensive prior experience in the subject matter, we believe we can gain efficiencies and, therefore, deliver high-quality services at a reasonable, fair fee.