Services
Core Services
Risk Advisory
With regulators, investors, and independent directors focusing on the importance of corporate governance, organizations need to streamline and fine-tune their processes and controls. Leadership teams are repeatedly turning to their internal auditors for additional assurance on the robustness of the systems as well as for risk mitigation controls. Fintrek's Risk Advisory Services Practice works with clients proactively to manage risk through the creation of sound internal controls.
Cyber & Technology Advisory
Cyber Security Assessments analyze the maturity of an organization's information security program and identify gaps, weaknesses, and opportunities for improvement.
Get cybersecurity services and identify security risk to your business.
Business and technology are converging rapidly. With technology becoming the business of every company, understanding Information Technology (IT) risk is becoming more important. The ability to understand these risks and bridge the knowledge gap that often exists between business and IT is the core strength of Fintrek.
Resilience
More than 20% of businesses never recovered from a disaster because they were never prepared and had no resilience program in place. We can develop and implement a Business Continuity Management System in line with leading standards and regulatory requirements.
Risk Advisory
Our risk practice is a combination of process, IT security and risk management. We provide a one-stop solution to our multiple clients on their risk and process needs. The team has an array of experts possessing industry-specific expertise.
Risk Management
We can implement an end-to-end Risk Management function. Below are the key deliverables that we provide to our clients:
- Risk Management Framework.
- Risk Management Policy.
- Risk Management Strategy.
- Risk Registers
- Board Risk Committee Charter.
Internal, Operational & IT Audit
Fintrek creates a framework individually suited to meet each company’s needs. We take a hands-on approach, and our partners are deeply involved in the work we do.
Our professionals assist our clients in the following areas:
- Internal audit outsourcing/co-sourcing
- Quality assurance review
- Process and internal controls advisory
Corporate Governance
We can conduct a Corporate Governance (CG) Assessment and also build a CG manual. We can also assist in implementing these CG controls.
At Fintrek, we have developed a suite of services to support your governance.
We have also provided a Governance tool similar to a Governance, Risk and Compliance (GRC) tool. The tool focuses on and manages the various corporate governance controls.
Quality Assurance Internal Audit Function
A Quality Assurance and Improvement Program (QAIP) enables an evaluation of the internal audit activity's conformance with IIA Standards. We can conduct an evaluation to assess if internal auditors apply the Code of Ethics. The review also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.
Development of Policies & Procedures (Operational, IT and Financial)
We can develop Policies and Procedures (Operational, IT and Financial) in line with leading standards and IFRS.
For IT & Cyber Security Policies / Procedures, please refer below.
GRC Function - Gap Analysis
We can conduct a detailed gap analysis of the Governance, Risk & Compliance function. A detailed gap analysis report is provided.
Agreed Upon Procedures
We can conduct various risk advisory services as per management's request through Agreed Upon Procedures. We provide a report based on factual findings regarding financial information—no assurance is expressed.
IT Assessment
We can conduct an assessment of Technology capabilities of our clients based on leading standards such as CoBIT, ITIL, ISO 20000, etc.
Service Organization Controls (SOC) Assessment & Remediation
Fintrek can assist in conducting an assessment and/or remediation of the following Service Organization Controls (SOC) reports:
SOC Type 1
SOC1 or ISAE3402 Report covers the systems applicable to internal controls over financial reporting.
SOC Type 2
SOC 2 reports are an examination engagement to report on controls at a service organization intended to mitigate risks related to security, availability, processing integrity, confidentiality, and/or privacy (trust services principles).
Cyber & Technology Risk Services
Fintrek clearly understands the intersection of technology and cyber security. Our services provide a single point of contact for both Cyber Security and Information Technology Risk Services. roject incorporating current and future business needs, future flexible architectures, and implementing state-of-the-art technology.
Information Security Policies & Procedures
We can provide Information Security policies in line with (and referenced to) ISO 27000, NIST, National Cyber Security Authority, and Regulatory Cyber Security Frameworks (such as SAMA, CMA, NCA, etc.). We can also conduct a Maturity Assessment based on the respective standards.
Information Security Risk Assessment & ISMS Implementation
Whether a client requires a detailed Information Security Risk Assessment or ISMS Implementation, Fintrek can provide full support.
Information Security Framework Assessment / Implementation
Fintrek can assist clients in assessing and implementing the controls as per the leading Information Security Standards such as ISO 27000, NIST, National Cyber Security Authority, PCI DSS, etc.
This includes Regulatory Compliance implementation such as CMA, SAMA, HIPAA, PCI DSS, etc.
Vulnerability Assessment
Constant application updates and changes to application and system configurations can introduce vulnerabilities and leave an organization susceptible to an attack, even if security controls are kept up to date. In order to secure the data and availability of services, organizations must continuously scan systems and devices to detect vulnerabilities as they arise.
Our cyber security assessment services will provide a comprehensive risk, threat and vulnerability assessment to ensure the security of your organization. Our multidisciplinary approach looks at security from every angle to mitigate risks, from data and the physical environment to the human element and the role of technology.
Penetration Testing
Fintrek Consultants provide a deep security assessment of external and internal network infrastructure, applications, servers and client devices.
Our Consultants then exploit identified vulnerabilities and demonstrate the impact of those vulnerabilities in terms of successful attack scenarios.
Black Box
The Black Box assessment technique simulates real-life situations where information assets are tested for vulnerabilities and subversions using the most basic sets of information available. This ‘Hacker’ approach examines what vulnerabilities the clients' systems have to casual observers, Internet users, unprivileged internal assets, etc. The client provides us with a target and we tell them what the bad guys can do with it.
Grey Box
The Grey Box assessment technique is a step above the Black Box methodology, as scanning is done not with minimal knowledge but with as much knowledge about the systems as the customer is willing to share. This allows our engineers to gain a solid understanding of underlying technologies, system structures, and, if applicable, basic system accounts to test for complex exploitation techniques such as lateral movement or privilege escalation.
We can conduct both Internal and External Network Penetration Testing.
Web-Application Security Assessment
Fintrek can conduct controlled testing of web applications from an unauthenticated user’s perspective, with the primary objective of identifying potential vulnerabilities present in the applications and associated infrastructure.
1) Information gathering
2) Threat Modeling
3) Vulnerability Analysis
4) Exploitation & Post Exploitation
We will attempt to identify inherent weaknesses in the design and implementation of security controls of the applications.
We will evaluate the applications in order to find exposures within the following areas:
- Unsecured application configuration settings
- Access control weaknesses
- Back-end database access
- Application or Web server and database error messages
- Legacy code
- Developer comments
- Open Web Application Security Project (OWASP) Top 10
Network Security Design/Architecture Review
Fintrek approaches network security through the use of Trust Zones and Infrastructure Layers. Trust Zones are designed around the mission from the start. Addressing the unique access and performance requirements for the particular communication access method, each zone incorporates best practice security controls germane to the environment and business.
Mobile Application Security Assessment
Fintrek will determine all the vulnerabilities in the mobile application and make every attempt to exploit these so the controls can be configured to address a potential attack.
Our Mobile Application Security Testing methodology includes the use of an automated security-scanning tool supported by manual hacking and enumeration procedures to detect and exploit vulnerabilities.
We conduct these assessments on both iOS and Android platforms.
Infrastructure Security Configuration Testing
Infrastructure Components are subject to security assessment using platform-specific security diagnostic tools and techniques. The objective is to assess the security posture of these systems and to determine if they could be better secured or hardened. Fintrek will focus on the systems identified as critical, in addition to the external and internal review steps. This will provide management with a holistic opinion of the target’s security.
Information Security Awareness
Fintrek Consultants can provide Information Security Awareness based on the client's requirements and risk appetite.
We design the session to be interesting and interactive!
Third Party Security Assessment & Due Diligence
Fintrek can conduct a Vendor security assessment to verify that service providers follow appropriate information security practices so your business can weigh the risk of entrusting them with your data.
Fintrek has conducted security assessments / due diligence on third parties on behalf of clients. Our approach is in line with the leading standards and the client's risk appetite.
Data Classification
Fintrek can provide Information Classification & Risk Assessment services to its clients.
The following are standard deliverables for the initial phase of implementation:
- Information Classification Framework documents including Policy, Procedures, Modelling and Labeling / Handling Guidelines
- Information Asset Model
- Information Asset Classification – Scales and Rating
- Awareness Presentation
- Information Asset Register(s)
- Risk Treatment Plan
Technology Risk Services
IT Policies & Procedures
Fintrek can develop an understanding of the current IT processes and services handled by IT and develop policies and procedures for the processes identified as gaps. The deliverables are in line with leading standards such as CoBIT, ITIL, ISO 20000, etc.
IT Applications Control Review
Designing and implementing configured controls within an application may help the efficiency of audit reviews and assist in eliminating control deficiencies due to manual intervention. Fintrek can test the automated controls to provide assurance that these controls are designed and operating effectively to ensure the privacy and security of data transmitted within and between applications.
Key Expertise:
- Oracle EBS, Fusion & NetSuite
- SAP ERP & S/4HANA
- MS Dynamics
IT General Controls / Operations Audit
We can conduct an IT General Controls / Operations Audit. The review typically covers the following areas:
- User Administration (Starters, Movers and Leavers)
- Change Management
- Audit trail mechanism
- Capacity, Memory and Usage Management
- IT Disaster Recovery Management
- Data Back-up and Recovery Process
- Protection against virus and malware
- Patch Management
- Physical and Environmental Controls
- Information Security Controls (configuration management around password and account lock out)
- IT Incident Management
IT Governance Review / COBIT Assessment
Fintrek will bring best-of-breed professionals in the field of IT Governance, having sound knowledge and proven experience in implementing ISO 38500, ISO 27001 standards and the COBIT 5 framework, to perform the following:
- Assess the level of alignment between the IT efforts and corporate objectives;
- Help the client in developing an effective IT Governance program to maximize the business value.
IT Project Assurance
Our Project Assurance services provide the independent ‘critical friend’ challenge and insight our clients require. Our methodology focuses on all the layers that provide the key foundations for every project. We can tailor our approach for operations or internal audit.
IT Vendor Management Audit
We can implement an IT vendor management program for our clients. The objectives of this type of audit are to evaluate whether the IT department has established risk-based policies for governing the outsourcing process, review and assess controls of the vendor selection process and service-provider contract process, assess the due diligence process of the provider, and check the service contracts and service-provider relationships. This includes Cloud Service Providers.
Resilience Services
Business continuity is concerned with the capability of an organization to plan for, and respond to, incidents and business disruptions in order to continue business operations at an acceptable predefined level.
These incidents can be a situation that might be, or could lead to, a business disruption, loss, emergency or crisis.
Business Continuity Management System Gap Assessment
We can provide a gap assessment of the Business Continuity Management System based on the resilience risk appetite of the organization and/or ISO 22301.
Business Continuity Plans
Fintrek can conduct a Business Impact Analysis and Threat Risk Assessment to propose Business Continuity Strategies.
We can then develop a Business Continuity Plan for the respective departments.
IT Disaster Recovery Plan
Following the detailed Business Impact Analysis and Threat Risk Assessment, Fintrek can develop an IT Disaster Recovery (DR) Plan in line with the BCM strategies agreed with the Executives.
We can also assist our clients in the setting up of the IT DR site.
Crisis Management Plan
Fintrek can develop a Crisis Management Plan which includes Communication Plan and Incident Escalation Path.
Business Continuity and IT Disaster Recovery Plan Testing
Fintrek Consultants can assist clients in conducting various tests over the BC Plan and IT DR Plan.
Business Continuity Awareness
Fintrek can support its clients in conducting various BCM awareness sessions and BCM training exercises.
Why Fintrek?
- Our Familiarity – we have been extensively engaged by clients both locally and globally for providing consultancy services. Our team has acquired extensive experience and provided significant thought leadership in addressing potential compliance issues related to leading standards and developing the most appropriate action plans to mitigate the risks.
- Our Responsiveness – we treat each of our clients with due care and we are always available to assist the client in a short space of time.
- Our Approach – we have developed our approach based on our extensive experience in the areas stated above. In addition, we are committed to providing you with our highest level of service.
- Our Experience – we partner with our clients to deliver customized solutions that resolve their most significant issues and create lasting competitive advantage. Utilizing decades of industry experience and functional expertise, staff at Fintrek look beyond standard solutions to develop new insights, mobilize organizations, drive tangible results, and make organizations more capable.
- Our Engagement Team – members of our team have prior experience with several other organizations (as part of big-4 consulting firms and other blue chip organizations) and have certifications such as FCA, FCCA, ACMA, CISA, CISM, CCNA, CVA, OSCP, ISO 27000 Certified ISMS Lead Implementer, ISO 22301 Certified BCMS Lead Implementer, etc.
- Our Professional Fees – by assigning individuals with extensive prior experience in the subject matter, we believe we can gain efficiencies and, therefore, deliver high-quality services at a reasonable, fair fee.