ICCS Logo

ICCS GRC Division

Tamper-Proof Continuous Auditing Solutions

Consult With Us

DETERMINE YOUR RISK TOLERANCE LEVEL

SOLVE FOR YOUR MOST CRITICAL ASSET




Leverage continuous intelligence assessments that establish compliancy and regulatory mandates, expose erroneous behaviours, consolidate assessment parameters, and systematize IT controls activity


MEASURING RISK

The Business Case

Your organisation’s risk appetite is measured against key strategic objectives where financial, operational and performance indicators form the business case

The Risk Positive Benchmark

The security baseline by which a risk positive posture is assessed provides the benchmark that helps an enterprise identify critical control deficiencies

The Risk Index

Known vulnerabilities demand a prescriptive, simplified, and prioritized commitment in order to balance your risk index with your organisation’s strategic initiatives into the future

IT Risk Management

For any IT risk management control to be effective, it must be autonomously managed, processed 24/7/365, easily assimilated, and provide user-friendly, easily navigable dashboards

WHY ICCS GRC?


Ranging in complexity, driven by tech and tools, systems undergo occasional testing, along with assessment and monitoring cycles to establish the efficacy of a controlConditioning might be applied to critical controls only or across systems ... old, dated methodologies are a liability in today's business landscape

The GRC Server is an analytics tool that provides IT auditors a true observability and monitoring solution allowing for access to the entire IT estate in real time; in so doing, brings maximum value to an organisation’s IT Governance, Risk and Compliance posture. The platform ingests information from operational IT systems and maps this information to Risk and Compliance controls for analysis.

GRC CORE CONTROL TOOLS

BASE CONTROLS

  • • Information remains transparent
  • • Delivered through a secure URL to the logged-in user
  • • Analysis happens at the base controls level in the search for anomalies and deltas between data layers

EDIT CONTROLS

  • • Monitor changes to data in alignment with version control
  • • Audit controls for changes in information on person, time, activity
  • • Access to all required info and tools easily
  • • Proposals, SQL lookups, and data plan trackers
  • • Audit trail accessible on desired information

DOCUMENT MANAGEMENT

  • • All documents within the Active Base control and the Edit control
  • • Spreadsheets

MONITOR CONTROLS - HR

  • • HR department requirements, e.g. are employees still enabled in the AD
  • • Saved snapshots for analysis
  • • Alerted to develop or retained within an audit report and referenced at any time

SAFEGUARDED BY EXTERNAL IT AND AUDITING SPECIALISTS

DEVOPS

    View:
  • • Findings/ failures
  • • Analytics: new users; operating system; new devices

CUSTOM DELTAS

    View:
  • • Device compliance
  • • Software Inventory Versions
  • • Software Inventory Application Breakdown
  • • Device identification criteria

SECURITY

    View:
  • • Vulnerability statistics
  • • Risk score and Risk status

ADMINISTRATION & BACK-UPS

    View:
  • • HR - Contract type, Status, performance score, department, division
  • • Vendor - Risk score, service type, performance assurance
  • • Server back-up
  • • Software Application back-up

ICCS GRC VAULT

The Vault acts as a conduit which is both access-controlled for deeper analysis and tamper-proof




GRC FOR AUDITORS

Our goal has been to develop a solution that eliminates navigational complexities that lead to internally disjointed permissions and faulty integrational functionalities where evidential data cannot stand up to scrutiny

Conclusive, up-to-the-minute, visual reporting is the only yardstick by which truth can be measured. We've developed a tool with our audit partners biggest challenge at heart - to eliminate sample testing and reporting of specific controls within a review period. Instead, we've provided an assured, direct means that brings about complete understanding of current conditions or shortfalls within their client portfolios



1
Audit Approach

A proactive approach to auditing allows for complete rationalization

By moving from an internal periodic or sporadic auditing methodology to an external on-stream, manned and monitored model, auditors gain detailed insight into an organisation's risk index and its impact on the operational framework.

2
Objective Reporting

Multi-level companies rely on objective, evidential reporting

Leverage continuous intelligence assessments that establish compliancy and regulatory mandates, expose erroneous behaviours, consolidate assessment parameters, and systematize IT controls activity.

3
Understanding Controls

Understanding controls in a set of conditions within parameters

We've merged decades of auditing experience with active business knowledge and specialized technological skills to create solutions that overcome every challenge and meet every scenario.

4
First in Class

We bring you a first in class...

A continuous auditing solution that couples pre-defined configured architectures with rigorous industry-specified requisites.

ICCS GRC introduces

GRAIC

grAIc utilises the Diagnostic analysis concept of AI


The first complete compliance testing in audit

  • Eliminate resource constraint
  • Achieve both exact and approximate correlations/relationships within ALL data sources
  • Bridge the gap between structured and unstructured data searches

THE HYPE AROUND AI AND WHAT EVERYONE CURRENTLY SEES

There are a limited number of data & audit analysts/data scientists within an organisation’s internal structure. Where fewer data sources exist, it is assumed that exact & approximate relationships are overlooked. Large organisations lose control due to unstructured data flows considering that IP & strategic value is lost.

CURRENT USE OF AI

  • Exemplified by Large language models (GBT)
  • Generative AI
  • Used for assistance

TRADITIONAL MODEL

  • ML models for pattern recognition
  • Algorithms for prediction, clustering, neural networks etc.

DATA ANALYSIS

  • Automated data extraction
  • Improved decision making processes
    • Audit Compliance testing
  • Analysis of trends, marketing, healthcare

THE RIGHT WAY TO LOOK AT AI

Descriptive Analysis

Purpose: Summarize/Visualise past information

Value:

  • Period-specific Transactions/Events
  • Report creation
  • Pattern Identification

Diagnostic Analysis

Purpose: Understanding the reasons influencing outcomes

Value:

  • Exact & approximate correlations/relationships between structured & unstructured data
  • Making unstructured data searchable
  • Categorisation of data
  • Automating complete data analysis

Predictive Analysis

Purpose: Forecasting, estimation

Value:

  • Predict future events
  • Predict non-compliance or disaster
  • Fortification against disaster

Prescriptive Analysis

Purpose: Recommended actions to optimize compliance

Value:

  • Strategic focus areas for teams
  • Guide corrective actions
  • Optimize resource allocation
AUDIT AND DATA ENGINEERS EXCEL BY AUTOMATING COMPLETE DATA ANALYSIS AT HIGH SPEEDS THROUGH MAKING STRUCTURED AND UNSTRUCTURED DATA SEARCHABLE

Enquiries

Please share your enquiry in the comment field