Cyber security services


Deloitte's Information & Technology Risk practice helps organizations deal with issues related to business process, technology, operational and financial risks. Our aim is to enable clients to measure, manage and control risk and thereby to enhance the reliability of processes and systems across the board. We combine an understanding of business and industry issues with technology, audit and security expertise. This allows us to determine the real business impact of risks and to frame our findings and recommendations in a business context. A number of our professionals possess CISA and CISSP certifications.

Segregation of duties in ERP systems

To reduce the risk of fraud and unauthorized transactions, no single individual should have control over two or more parts of a process. This is known as segregation (or separation) of duties. A simple example is an assistant in the accounts department who has been given access both to amend supplier master file details and to make payments; this could lead to fraud, as the individual could create a supplier and process fraudulent payments to themselves. From experience, most segregation of duties issues occur because an organization has not taken a risk-managed approach to designing processes. There is frequently a lack of focus and attention given to the design, operation and monitoring of segregation of duties within organizations.

Our services: 

  • SAP health check to gain clarity on your organization’s Segregation of Duties violations and identify the possible implications.
  • Implementation or optimization of SAP controls through automation and rationalization to streamline existing controls or implement automated control solutions.
  • Implementation support for SAP GRC Access Control.

Information security compliance

Organizations must implement and maintain a security management framework, aligning people, process and technology, to survive in today’s competitive market and comply with external requirements.

Our services:

  • Assessment of the current state of information security against the requirements of the Central Bank of Russia’s security standard and Law of the Russian Federation “On Personal Data”, PCI DSS, ISO27000 and others.
  • Risk assessment, development of information security strategies, business cases and implementation roadmaps.

Business continuity & resilience

The need to provide continuity of service has never been greater, as more and more organizations operate 24/7 and depend increasingly on technology to conduct business.

Increasing stakeholder and regulatory expectations demand an approach that gives equal consideration to managing the immediate and longer term outcomes from incidents affecting people, processes, systems or events external to the organization.

Our services:

  • Business impact and current state analysis
  • Management of your business continuity program
  • Development of business continuity plans
  • Business continuity testing and training

Information leakage prevention

All organizations hold sensitive data that customers, business partners, regulators, shareholders and the board expect them to protect. Despite this, high profile security breaches involving personal and corporate data continue.

The impact of regulatory intervention combined with negative publicity and public perception is prompting organizations to take immediate measures to understand the sensitive information they hold, how it is controlled and how to prevent it from being leaked.

Our services:

  • Information flow analysis to understand how the organization currently manages sensitive information, where that information is stored, who is using it and how it is processed
  • Assessment of the likelihood and impact of information loss
  • Review of how the information is handled and the controls in place
  • Development of remediation plans
  • Assistance with the selection and implementation of an automated DLP solution

Contacts

Sergei Buhanov

Director, ERS

Sergei has over 14 years of experience in control ...

Gennady Griva

Senior Manager, ERS

Gennady is Certified Information Systems Auditor (...

Alexey Yakovlev

Senior Manager, ERS

Alexey joined Deloitte in 2011. He holds a Degree ...
