The Mobius Cyber Security team recently completed a Cyber Security audit for a leading asset management client in the financial services industry. The objective of the project was to provide independent assurance on the adequacy and effectiveness of key Cyber Security controls in the environment.
Our approach to performing the audit was aligned to Institute of Internal Auditors (IIA) standards and included:
Understanding the business: we obtained an understanding of the client’s current control environment by meeting with process, system and control owners to perform process walkthroughs to identify key risks and controls across the governance, people, processes, and technology aspects of cybersecurity.
Planning and scoping: we performed an inherent risk analysis and documented the risks and associated controls in the form of a Risk and Control Matrix (RCM) based on the scope of the review.
Performing adequacy and effectiveness testing: we tested the design and implementation of the key controls identified and, based on the testing performed, identified control deficiencies in the environment.
Reporting: we validated control deficiencies with the process, system and control owners and drafted a detailed report outlining all findings, risk ratings, root causes as well as management actions for the findings identified.
The outcome of the project was that we were able to provide the client with a level of comfort that key control deficiencies and gaps in their cyber security environment had been identified and practical actions were in place with a view to improving the overall cyber security risk posture of the organisation.
Our audit services are aligned to best practice information and Cyber Security standards and frameworks.
Should you require independent audit services to assess your organisation’s Cyber Security capability, please contact us.