IT AUDIT SERVICES

Parker Randall is the U.A.E. member of Parker Randall International, with member firms worldwide. PRI is a worldwide organization of independent professional accounting firms and business advisers, providing clients with an extensive and personalized range of integrated services. Parker Randall UAE, in association with Qadit, India (www.qadit.com), provides the following IT Audit services:

INFORMATION SYSTEMS AUDIT

Our Information Systems Audit Portfolio covers the following:

1. IS Controls Review
- Review of existing information systems security controls against best practices and industry standards.
- Gap analysis with standards such as ISO27001, SANS, NIST etc. / other industry benchmarks like CIS, CERT etc.
- Making recommendations to improve and strengthen IS controls.

2. Network Audits (including vulnerability and penetration testing)
- Auditing management and security of networks.
- Examining the extent to which network security meets internal standards.
- Vulnerability assessment and penetration testing of the networks.
- In-depth review of configurations of various network devices such as routers, firewalls, etc. and benchmarking them against secure configuration standards.
- Providing an overall review of the consistency, quality and reliability of the network management processes.
- Recommending opportunities for improvement.

3. Data Centre Audits
- Data Centre Operations Review
- General Computer Controls Review covering
  - IT Assets and Resources
  - Personal Security
  - Physical and Environmental Security
  - Access Controls
- Operating System Review
- Database Controls Review
- Network Controls Review

Abu Dhabi Tel: +97126452666 Fax: +97126454499
Dubai Tel: +97142959958 Fax: +97142959945

www.parkerrandalluae.com

4. Business Application Audits
- Testing the application capabilities, features and limitations.
- Establishing the reasonableness of the application's logical access controls.
- Audit of the SDLC process.
- Review of the operational adequacy of the application package.
- Performance testing using tools.

5. Web Application Security Testing
- Testing web applications for security vulnerabilities
- Review of web application source code against secure coding standards
- Review of underlying operating systems and applications
- Strengthening website security

6. Migration Audits
- Review of the migration process from legacy systems to state-of-the-art systems like SAP, Oracle Applications.
- Review of the migration process from a non-CBS to a CBS environment.
- Review of the Data Centre migration process

SAP AUDIT

Our SAP Audit portfolio covers the following:

1. Post Implementation Review
Post implementation review includes providing assurance to the management on the quality of the SAP implementation and also on whether the SAP implementer has delivered what it promised. This involves carrying out the following activities:
- Validating SAP configurations against the Business Blue Print document.
- Reviewing the existing SAP configuration and identifying areas for improvements/enhancements.
- Audit of functional modules like FI, CO, GL, MM, SD, AM, HR, PP, PS, and PM from an internal control perspective.

2. Review and Design of User Access and SAP
Review of User Access design in SAP to ensure access to transactions does not result in the SAP violation. The SAP User Access Review Assurance involves the following review tasks:
- Validation of Roles, Profiles and Rights assigned in SAP against the functional roles performed by the users, to identify discrepancies.
- Identifying users with access to transactions that are not part of their job roles.
- Identifying critical violations of segregation of duties controls.

3. Review of Configuration Controls
SAP processes, configuration controls and reporting features are assessed as part of the Configuration Control Review. This is essential in achieving the following management objectives:
- Enforcement of discipline in the SAP system by identifying inappropriate operational processes and procedures
- Audit of functional modules like FI, CO, GL, MM, SD, AM, HR, PP, PS, and PM from an internal control perspective
- Identification of exceptions and management control over them.
- Verification of the organization's Delegation of Authority against SAP configurations

4. Training
Our services include providing training to:
- The internal audit department, to facilitate audit of various functional modules like FI, CO, GL, MM, SD, AM, HR, PP, PS and PM.
- End-users, on SAP features and functionality

IT SECURITY CONSULTING

Our IT Security consulting portfolio covers the following:

1. Risk Assessment
- Identifying IT related vulnerabilities in a given environment
- Analyzing the likelihood of a threat being exercised against a vulnerability and the resulting impact from a successful compromise.
- Assessing the adequacy of existing controls and making recommendations for improving the same.

2. Creation of ISMS (Security policy, procedures, and Guidelines)
Information Security Management Systems (ISMS) creation means creation of a set of policies, procedures and guidelines for information security management. A robust and strong ISMS is a prerequisite for obtaining ISO 27001 certification. An ISMS consists of the following components:
- Organizing Information Security
- Asset Management
- Human Resources Security
- Physical & Environment Security
- Communication & Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance

3. Design of IT Security Infrastructures, BCP and DRP
Our services include guiding the design of an IT Security architecture which makes use of the most appropriate products and services to deliver a comprehensive security solution in a cost-effective manner. We also guide the creation of a Business Continuity and Disaster Recovery Plan. Effective BCP and DRP are essential to:
- Specify the set of activities to be adopted after an emergency
- Maintain continuity of business in the event of a disaster
- Give assurance to the different stakeholders that services shall be available as and when they are needed.
- Resume normal business activities with minimum disruption and loss of time.

4. ISO 27001
ISO 27001 is a standard setting out the requirements for an Information Security Management System (ISMS). It provides an auditable guideline for Information Security. An organization using ISO 27001 as the basis for its ISMS can be certified by accredited certifying bodies, thus demonstrating to stakeholders and customers that the ISMS meets the requirements of an international standard. An effective and efficient ISMS is a prerequisite for an ISO 27001 certification. Qadit helps its clients in implementing such an ISMS by offering the following services in a structured and time-bound manner:
- GAP analysis (existing position vs ISO27001 guidelines)
- Risk Assessment
- Creation and implementation of ISMS

5. Training
We conduct Training Programs and Workshops to create awareness about Information Security and also provide hands-on experience of formulating an ISMS.

KEY PERSONNEL

- N Venkatakrishnan - Director Risk Assurance: FCA, ICWAI
- Mahesh Balan - Director IS Audits: ACA, CISA, DISA, Certified Ethical Hacker, BS7799 Lead Auditor
- V Vijayakumar - Director IT Assurance Services: ACA, CISA, DISA, AICWA, Certified Ethical Hacker, BS7799 Lead Auditor
- N Swameshwar - Director IS Consulting: FCA, DISA, Grad CWA
- Suresh Rangarajan - Director GRC & SAP: ACA, CISA, CPA

RESOURCE PROFILE

- Certified Information Systems Auditors (CISA): 8
- Diploma in Information Systems Audit (DISA): 6
- Chartered Accountants (ACA): 10
- ISO27001 Lead Auditors: 2
- Certified Ethical Hackers: 2
- Certified Public Accountants (CPA): 3
- B Tech / MCA: 2

We at Parker Randall present our reports in both Arabic and English.
