KSI Bahrain Consultants and Public Accountants

Risk Management & Technology Advisory

Building on an international record of achievements, we provide governance, controls and technology risk management advice and assurance. We strongly believe that failure in any of these areas can affect an organization’s corporate image and financial stability. Accordingly, we provide our clients with high-level independent assurance and audit of their risk management and compliance policies, procedures and practices.

We have a distinguished record of experience in several business sectors, including financial services, gaming, healthcare, and marketing services companies.

Our expert assurance team offers a range of risk management and technology advisory services, including:

  1. Governance & Risk Management

    Being one of our core services, we deliver a vast array of services ranging from setting up a complete risk management framework from scratch to reviewing existing frameworks, assessing risk registers, etc.

    We are specialized in managing all kinds of risk, i.e. market risk, operational risk, credit risk, strategy risk, financial risk, etc.

    The main services we offer in this field are:

    • Building a risk framework for an organization from scratch.
    • Assessing the effectiveness of existing risk frameworks, if any.
    • Management of and providing assurance on an organisation’s risk management program.
    • Training, education and updates on latest Risk Management Best Practices.
    • Technical support on any risk area seeking expert involvement.
    • Provision of outsourced or co-sourced risk management solutions.
    • Performing Board Effectiveness Reviews.
    • Design and implementation of pragmatic risk and governance frameworks

      - Sarbanes Oxley Act
      - Data Protection Act
      - Basel III
      - MiFID 2

  2. Internal Audit

    We offer internal audit to clients under two models: fully outsourced or co-sourced. Those performing in-house controls assurance, whether internal audit or a management control function, often struggle to possess all the technical and business expertise needed to design or review business controls effectively. This difficulty, together with the pace of development and complexity in areas like technology and compliance, makes it very unlikely that an in-house team with finite resources will have the skills needed to generate adequate assurance in every case. We offer a pool of specialist technical resources from which a business can draw to meet its needs. As this support is used only when necessary, it gives an entity a cost-effective way of filling internal skills gaps.

    Our service models also allow us to pass our knowledge and expertise to the entity's personnel during our assignments with the client. This advantage is rarely obtainable and enables an entity to reduce its dependency on external experts in the future.

    We offer our clients the following internal audit services:

    Internal audit on an outsourced or co-sourced partnership basis has the following features:

    1. Outsourced:

      – Technical support
      – Input into risk framework register
      – Build the audit plan
      – Perform all aspects of testing, including continuous monitoring, reporting and follow-up of action plans
      – Attend audit committee meetings
      – Liaise with external auditors and other third parties

    2. Co-sourced:

      • Supply highly skilled staff to supplement the client’s existing audit team as business needs arise. Typically, this falls into three (3) areas:
        a. when the client has an expertise gap,
        b. when the client has a shortfall in human resources or other physical resources, or
        c. when the client sees the review as internally sensitive and prefers to use wholly independent resources.

    Features common to both approaches include:

      • Client has access to specific industry knowledge or the technical skill set of one of our subject matter experts.
      • Both require regular update meetings with the management of the client.
      • Coaching and mentoring of staff take place during the assignment.
      • Efficiency of computer-assisted audit techniques.
      • Efficiency of using standard audit programs that are nonetheless tailor-made for the assignment.

  3. Information Security & Data Protection

    Our technology solutions are based on two principles:

    a. The need for a greater amount of technical skills to address technical threats, and

    b. Awareness that many of the greatest losses come from “routine” risks which are not effectively addressed.

    Technology can be transformational in helping to deliver significant business improvements and yet it brings with it some of the greatest and fastest changing threats. With technology taking an increasing proportion of corporate spending, it now represents the major concentration of risk and reward for many businesses.

    We have extensive experience of dealing with global regulators and providing data privacy solutions which ensure that compliant handling of client data does not disrupt “business as usual”.

    Information security governance

    • ISO 27001 gap analysis assessment and remediation plan
    • Security architecture and/or policy design and implementation
    • Support clients to full accreditation to the ISO 27001 and ISO 20000 standards
    • Create/maintain risk management framework
    • Penetration testing and vulnerability analysis
    • Web application security review (OWASP)
    • Incident and response management
    • Identity management
    • Data encryption
    • Security awareness training and risk management
    • Access control management
    • Cloud computing
    • Bring your own device
    • Mobile computing

    Information technology governance and risk

    • Evaluation/creation of governing framework documentation
    • Create/assess IT control framework
    • Monitor/manage IT controls
    • Process improvement using methods such as benchmarking, continuous quality improvement, Six Sigma, CMMI (Capability Maturity Model Integration) or Lean Manufacturing
    • Evaluation and selection of IT investments, benefit realization and delivery of value
    • Cost management

    Technology assurance

    • Implementation/review of IT Infrastructure Library (ITIL) function
    • Configuration management
    • Application audit
    • IT infrastructure audit
    • IT audit
    • Regulatory Audit
    • Enterprise resource planning (ERP) audits
    • End user computing assurance

    Data Management

    • Data architecture review
    • Data privacy
    • Data analytics and forensics
    • Storage architecture
    • Data warehousing

    Business Continuity Management

    • Assistance with accreditation to ISO 22301
    • Operational resilience review
    • Business impact analysis
    • Risk analysis
    • Business continuity strategy
    • Business continuity planning
    • Continuity testing
    • Continuity training
    • Data storage and back up architecture
    • Manage external dependencies

  4. Third Party Assurance

    Businesses generally outsource most of their non-core business activities to specialist service providers so that they can concentrate on their core services. As a result, there is an ever-increasing need to manage these service providers effectively. This starts with an effective process for selecting the provider: a clear Statement of Requirements, Request for Proposal, analysis and balanced scorecard, due diligence and contract negotiation. It continues with the establishment of Service Level Agreements (SLAs), key performance indicators and oversight processes.

    Our services include:

    • Assurance visit program for third party management;
    • Management of the full RFP process, including: preparing statement of requirements; due diligence on providers; balanced scorecard evaluation of bids; recommendations;
    • Monitoring of service level agreements (SLAs) or key performance indicators (KPIs);
    • Risk evaluations; and
    • Exit planning.

  5. Policies & Procedures

    This is a key area where we offer our services to review existing Policies & Procedures across various areas of an institution and provide quality assurance that they are in line with actual and market best practices. We highlight areas where the procedures are not in alignment with actual practice and recommend corrective measures. Where Policies & Procedures don’t exist at all for certain functions, we conduct a detailed study of the existing practices and design appropriate policies and procedures in line with market best practices.

  6. Business Continuity Management

    Regulators are placing increasing emphasis on this vital function in an organization, particularly considering the current uncertainties in the region. We have expertise in the following areas, which will benefit our clients.

    1. Review / Drafting of Business Continuity Strategy
    2. Conduct Business Impact Analysis across the various areas of an institution
    3. Design Business Continuity Plan in compliance with Laws and Regulations
    4. Design Crisis Management Strategy
    5. Conduct Test
    6. Assist in obtaining ISO certification

  7. Business Process Review

    Processes and controls evolve over time in any organization and can become complex and, sometimes, cumbersome. We specialize in reviewing all business processes, identifying high-impact areas with potential for better performance, identifying control weaknesses and redundant processes, and recommending ways to improve efficiency. We also assist in aligning revenue, products/services, and customers to maximize growth opportunities.