Technology Risk Advisory

Business Continuity Management (BCM) & Resilience

Resiliency is a critical component of successful business management. Experience shows that typically more than 50 percent of businesses without an effective resiliency plan will ultimately fail following a major disruption. The need to ensure continuity of service has never been greater due to more organizations operating 24/7 and an increasing dependence on technology to conduct business. Increasing stakeholder and regulatory expectations demand an approach that ensures equal consideration is given to managing the immediate and longer term outcomes from incidents affecting people, processes, systems or events external to the organization.

Deloitte’s experience combined with the use of a robust operational resiliency framework methodology help our member firm clients create organizational resiliency, a state in which issues are identified and prevented before they arise, and prepare the client to manage the unexpected.

Our BCM Methodology is based on a BETP (Buildings, Equipment, Technology, Human Resources and Third parties) approach and is aligned to the international standard for BCM, BS25999, as well as the Business Continuity Institute’s Good Practice Guidelines.

Our services include:

BCM & Resilience Implementations, which could either be a full or partial implementation depending on client needs. The implementations include:

• Occupational Health & Safety audits
• Current state assessments,
• Business Impact Analysis,
• Operational Risk Assessments,
• IT Service Continuity strategies,
• Business Continuity Plans,
• IT Continuity Plans, and
• Testing and Exercising.
• Disaster Risk Reduction programs

For those clients who know that pockets of BCM exist within their organisation, but are not quite sure what, we offer our BCM reviews known as BCM Healthchecks or Current State Assessments.

Many clients require additional resources to assist with the maintenance or implementation of BCM. At Deloitte our certified BCM practitioners, can supplement your team to ensure that BCM is driven to accomplish its goals and that it is effectively maintained. This service is known as our co-sourcing or outsourcing agreements.

Application Integrity

The scope and breadth of Enterprise Applications has grown to support new processes, businesses and technologies. With this progression, SAP and Oracle have developed functionality and increased integration as information is shared between parts of the organisation using web-enabled solutions, portals and exchanges. This functionality has brought new business risks to information integrity. In addition, regulators and auditors are raising their expectations and now require evidence that companies have addressed these risks and that programs are in place to actively identify and resolve controls issues in an ongoing manner.

Leveraging our know-how and tools, we can help you meet the requirements of your regulators, auditors and internal stakeholders by addressing the following areas:

Access Management and ERP Security (SAP, JDE, Oracle etc.) – design and implementation of the application security structure and establish access rights which support the requirements of the business. Security accelerator templates provide guidance related to role definition and applicable Segregation of Duties. This process includes security set-up, maintenance, administration and operations for all environments, as well as development, quality assurance, training and production.

ERP-enabled business controls – design and implementation of an internal control framework that leverages a cost-effective mix of automated and manual controls embedded in the automated business processes. These controls may include internal controls over financial reporting as required by Sarbanes-Oxley and other similar regulations and potentially other operational, compliance and privacy-related controls, depending on management’s requirements.

GRC System implementation & Integration

Succeeding in today’s control, cost and project driven economy requires a risk-based approach to information governance and technology. Deloitte work to help organisations achieve robust governance solutions focusing on process improvements and cost efficiencies.

GRC Technology Solutions – implementation and configuration of GRC Tools, in particular SAP GRC solutions, and Oracle GRC, and Archer, MetricStream, OpenPages, CURA, Barnowl etc.

IT Due Diligence

Information Technology (IT) is an integral enabler for business operations and assets. Reliable information concerning the quality and efficiency of the target company’s IT operations can have a significant impact on final business decisions and risk mitigation plans before, during, and after a proposed transaction.
Identify business risks - Our goal is to translate the technology issues impact to business risks that affect your transactions.
Structured Analysis - Our approach is structured and risk focused. Depending on your transaction situation, our approach allows us to customise our due diligence procedures to cover small and large organisations.
Technology Professionals - Our procedures are engaged by IT skilled professionals that serve Merger and Acquisitions clients. Where necessary, we have the capability to draw upon IT technical experts that are within our firm’s advisory and consulting practices to meet transaction requirements.

Key Contacts

Cathy Gibson
Director
+27 (0)82 330 7711
cgibson@deloitte.co.za