We help IT develop and implement better procedures and controls by establishing stronger, more effective governance.

  • Preparation of Gap Analyses in relation to COBIT and ITIL;
  • Evaluation of the degree of maturity of IT procedures;
  • Preparation and documentation of IT procedures;
  • Preparation and implementation of Information Security Policy (PSI);
  • Preparation of the Strategic Information Technology Plan (PETI / PDI);
  • Guidance and execution of improvements in IT governance processes to maintain compliance with market practices and standards;
  • Architecture specification and security implementation;
  • Assistance in structuring and controlling the IT function.

CyberSecurity and Internal Control

Information security projects aimed at promoting security concepts across all processes and among all users of IT resources, raising the level of information security and reliability. This segment includes the following services:

  • Review of general information technology (IT) controls based on COBIT and ISO 27001;
  • EHT – Ethical Hacker Test and Cybersecurity;
  • Security analysis and diagnosis of corporate networks, internet, extranet and intranet (intrusion testing of computing environments);
  • Diagnosis of corporate network security;
  • Privacy of information and certifications (E-commerce, Websites, WebTrust, SysTrust, etc.);
  • Management of systemic identities and accesses (accesses and privileges review);
  • Application security and control;
  • Review of ERP packages’ controls and process security;
  • Business continuity management;
  • Preparation and review of the Business Continuity Plan and Contingency Plan;
  • E-commerce security and procedures assessment;
  • IT asset management (Software Physical Inventory to eliminate unlicensed software);
  • Audit of the organization’s critical applications;
  • Advisory in evaluating IT contracts;
  • Advisory for selection of suppliers and solutions;
  • ERP implementation;
  • Review of procedures related to systems’ development and maintenance;
  • Continuous audit (continuous monitoring process) and Internal IT Audit.

IT Risk Management and Compliance

The methodologies we use to assess and structure risk and control management combine risk assessment techniques, internal controls and regulatory compliance, following the principles and recommendations of regulatory bodies and the best practices employed in various segments. They comprise:

  • Implementation of risk management structure and process;
  • Diagnosis of the level of maturity and proposition of best practices for risk assessment and management;
  • Third-party risk assessment;
  • IT risk assessment, and identification and implementation of mitigating countermeasures;
  • Advisory in improving IT processes;
  • Preparation for ISO/IEC 27001 certification and for Payment Card Industry Data Security Standard (PCI DSS) compliance certification.

Smart decisions. Lasting value.

© 2019 Crowe Macro Auditoria e Consultoria Ltda.
Crowe Macro Auditoria e Consultoria Ltda. is a member of Crowe Global, a Swiss verein. Each member firm of Crowe Global is a separate and independent legal entity. Crowe Macro Auditoria e Consultoria Ltda. and its affiliates are not responsible or liable for any acts or omissions of Crowe Global or any other member of Crowe Global.