STPL’s Consulting Services deliver integrated, end-to-end IT enabled solutions and services to help Business transform with certainty and devise the most effective strategy and implement the best solutions.
In the ever-increasing demand for banks to excel in their offerings and to comply with the regulatory compliances, they often need Business, Management , Process and Technology Consultants to help them :
To build IT strategy and align them with the business vision of the bank and Leverage IT for business
IT capacity planning & required budgeting
Study on People, Process & IT resource profiling
Study on various Software used at bank
Gap analysis of the Shri G.Gopalakrishna report against existing IT landscape
Understand the current Risk and Vulnerabilities of the bank and do a Gap analysis to protect the assets of the Bank
Assist the bank in identifying Risk Management and other management softwares and
Comply with IT Audit requirement from the operational and compliance angle
How STPL help the clients ?
Adapt to the changing market conditions
Align IT with Business goals
Optimise costs, while maintaining high customer satisfaction
Accelerate time-to-market for new products and services
Integrate distributed operations and systems into a cohesive organisation
Meet industry standards and compliance requirements
Leverage emerging technologies effectively
STPL’s expertise in Consultancy includes the following:
Technology & Business Consulting
IS Audit and Strategy
1. Technology & Business Consulting
STPL with its in-depth business insight and knowledge and technology expertise in CBS platform, Net banking, payment Systems, IT Infrastructure, Various HRMS & Back office workflow software, Firewalls, Servers & Storage devices , ATMs & its supporting infrastructure is better positioned to offer its services to the Banks in their need for various consultancy services in the areas of Business & Management and IT Audit and Assurances areas.
STPL’s Framework for IT Consultancy is based on COBIT-5, . ITIL V3 / ITSEC/CC , ISO 27001:2005 / BS 7799 , Sri G.Gopalakrishna Report on Information Security, Electronic Banking, Technology Risk Management, and Cyber Frauds, Industry best practices in Capacity management, information security & IT operations, RBI guidelines and IDRBT expert opinions.
STPL areas of IT Consultancy and Assurances include:
Business Process and Change Management
Business and Technology Optimisation
Business & IT Architecture
IT Process and Service Management
Cloud Advisory Services
Service Integration and Management
2. IS Audit and Strategy
STPL offers a spectrum of IT audits with the following categories of audits:
Various IT Audits – Application and Migration, Compliance and Regulatory
Health Checks (Security Benchmarking)
Security Manuals / Handbooks
STPL’s Methodology in IT Audit:
Chalk out detailed audit plans, checklists, tools for technical audits (operating systems, LANs, etc.)
Under CobiT: Conduct Audit for all IT processes
Under ITSEC, CC: Draw up systematic approach for evaluations
Under BS7799, BSI: List detailed security measures to be used by the bank as best practice documentation
Audit scope would include - general aspects of banking, infrastructure audits and application and migration audits
The Audit Team would interact with
The IT infrastructure persons and various Team located IT Installations including Data Centre & Disaster Recovery Site
In addition, the Team would interact with IT Head/Managers, Business Heads representing Credit Division, Planning & Development & CFO, Regional heads - Risk Management, Head BPRD and the Audit team
Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.
Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
Systems Development and Migration: An audit to verify that the systems under development meet the objectives of the organisation, and to ensure that the systems are developed in accordance with generally accepted standards for systems development. The Migration audit ensures that the objectives of the organisation has been met as per the Requirements of the System and verify that the standards have been complied with.
Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing. This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".
Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.
EDP Audit: An Audit of all information system assets, to ensure that they are adequately safeguarded against risks and vulnerabilities of natural and man made disasters by reviewing "general control” and "application control ".
The Audit Process
The following would be the general steps in performing the Information Technology Audit Process:
Studying and Evaluating Controls
Testing and Evaluating Controls
The preliminary details to understand the client’s requirement would be collected based on interviewing the client’s personnel and a visit to the Client/ Data centre. The consultant would further discuss with various heads of departments and stake holders, in the matter.
The Consultant would generally interact with various officials of the client - CEO, IT Head/Managers, Business Heads, IT infrastructure and the Team.
The Engagement would submit a report covering the following: