Our Services

The solutions we offer to support your business success.

Risk Management
  • Assisting clients in developing their risk profile and designing a strategy to mitigate the risks.

Internal Audit Transformation
  • Enhancing the contribution of the Internal Auditor to continuously improve company performance.

Internal Audit Strategic Partnering and Staffing
  • Formulating the right mix of resources, including the use of tools and the application of standards.

Vendor and Outsourcing Audits
  • Assuring reliability and dependability of business partners.

Fraud/Forensic Investigations
  • Preventive, detective and corrective action with respect to fraud.

Information Technology (IT) Governance
  • Establish IT Master Plan (ITMP) / IT Strategic Plan (ITSP) for business goals/vision
  • Establish or re-engineer a client's processes against international and local standards/best practices, such as:
    • ITIL for IT service management;
    • ISO/IEC 27001 for Information Security Management Systems (ISMS);
    • ISO/IEC 20000-1 for Services Management System (SMS);
    • ISO 22301 for Business Continuity Management System (BCMS);
    • Sarbanes-Oxley Act (SOX);
    • PRINCE2 and PMBOK for project management.

Enterprise Security
  • Establish an IT security function based upon international standard/best practice
  • Security health check against NIST 800-53
  • Assisting compliance towards PCI DSS (for Payment Card Industry)
  • TVRA (Threat Vulnerability Risk Assessment) for Building

Systems Controls and Effectiveness
  • Checking controls outside and within the “IT Box”
  • Control Objectives for Information and related Technology (COBIT)
  • Setting up surveillance systems to immediately mitigate control weaknesses
  • IT Service Management to ITSM or ITIL standard

IT Systems Management
  • Checking controls against ITSM or ITIL standard

Business Continuity Plans
  • Emergency response and evacuation plan based on ISO 22301
  • Safety and security operations manual ISO 45001
  • Redundancy and recovery site establishment:
    • Avoiding single point of failure in building support infrastructure, e.g. electrical cabling, water and fuel supplies;
    • Site selection and site support requirements, e.g. food, water, medical supplies and temporary accommodation.

Information Communication and Technology (ICT) recovery plan
  • Emergency communication
  • IT disaster recovery plan
  • Periodic testing, audit, drill and training

IT Project Management
  • Quality assurance for system development
  • Vendor selection, e.g. ERP, Core-Banking, IFRS, etc.
  • Data cleansing, integrity checking and migration
  • Change management controls

IT Audit covering the high-level assessment of
  • IT governance
  • Enterprise security
  • Systems controls and effectiveness
  • Business Continuity Plans
  • IT Project Management

Compliance review / Independent Review for Bank Indonesia (BI) and Otoritas Jasa Keuangan (OJK):
  • BI regulation 23/6/PBI/2021 – Payment Service Provider
  • OJK regulation POJK 38/POJK.03/2016 – The Application of Risk Management in the Use of Information Technology by Commercial Banks
  • OJK regulation POJK 12/POJK.03/2018 – The Administration of Digital Banking Services by Commercial Banks
  • Other BI and OJK regulation regarding review of Information Technology.

Vulnerability Analysis / conducting vulnerability and penetration testing for clients' systems
  • Internet Application System, Core Banking System
  • HR System, Inventory System
  • Network and WAN System
  • ISO 27001 Vulnerability Assessment
  • PCI DSS Penetration Test / Assessment

Certification Preparation Programme
  • Assisting in preparation for Business Continuity Management System (BCMS) certification and audit (ISO 22301)
  • Assisting in preparation for Services Management System (SMS) certification and audit (ISO 20000-1)
  • Assisting in preparation for Information Security Management System (ISMS) certification and audit (ISO 27001)
  • Assisting in preparation for Quality Management System (QMS) certification and audit (ISO 9001)
  • Assisting in preparation for Environmental Management System (EMS) certification and audit (ISO 14001)
  • Assisting in preparation for Occupational Health and Safety Management (OHSM) certification and audit (ISO 45001)
  • Assisting in preparation for PCI-DSS certification and audit (PCI-DSS v3.2)

Note: the certification will be provided by another certification body.


Training for introduction and implementation for
  • Business Continuity Management System (BCMS) – ISO 22301
  • Services Management System (SMS) - ISO 20000-1
  • Information Security Management System (ISMS) - ISO 27001
  • Quality Management System (QMS) - ISO 9001
  • Environmental Management System (EMS) - ISO 14001
  • Occupational Health and Safety Management (OHSM) - ISO 45001

Data Center Consultation
  • Assisting in preparation for Data Center based upon TIA 942 Standard or Uptime Institute Tier standard
  • Conduct Data Center Audit based upon TIA 942 Standard or Uptime Institute Tier standard

  Note: the certification will be provided by another certification body.

Training And Workshop
  • Risk Management Workshop based upon ISO 31000
  • ISO 27001, ISO 20000-1 and ISO 22301 Internal Audit Course
  • ISO 27001, ISO 20000-1 and ISO 22301 Lead Auditor IRCA Registered Course
  • ISO 27001, ISO 20000-1 and ISO 22301 Lead Implementation Registered Course
  • IT Audit for Beginner
  • Information Technology Infrastructure Library (ITIL v3 & ITIL v4)
  • IT Governance based upon COBIT 5.0 & COBIT 2019
  • CISSP, CISM and CISA 3 in 1 Workshop / Course.