STPL’s Consulting Services deliver integrated, end-to-end IT-enabled solutions and services to help businesses transform with certainty, devise the most effective strategy and implement the best solutions.
With the ever-increasing demand for banks to excel in their offerings and to comply with regulatory requirements, they often need Business, Management, Process and Technology Consultants to help them:
How does STPL help its clients?
- Build an IT strategy, align it with the business vision of the bank and leverage IT for business
- IT capacity planning & required budgeting
- Study on People, Process & IT resource profiling
- Study on the various software used at the bank
- Gap analysis of the Shri G. Gopalakrishna report against the existing IT landscape
- Understand the current risks and vulnerabilities of the bank and do a gap analysis to protect the assets of the bank
- Assist the bank in identifying risk management and other management software, and
- Comply with IT audit requirements from the operational and compliance angle
STPL’s expertise in Consultancy includes the following:
- Adapt to the changing market conditions
- Innovate continually
- Align IT with Business goals
- Optimise costs, while maintaining high customer satisfaction
- Accelerate time-to-market for new products and services
- Integrate distributed operations and systems into a cohesive organisation
- Meet industry standards and compliance requirements
- Leverage emerging technologies effectively
1. Technology & Business Consulting
- Technology & Business Consulting
- IS Audit and Strategy
STPL, with its in-depth business insight and its technology expertise in CBS platforms, net banking, payment systems, IT infrastructure, various HRMS and back-office workflow software, firewalls, servers and storage devices, and ATMs and their supporting infrastructure, is well positioned to offer its services to banks that need consultancy in the areas of Business & Management and IT Audit and Assurance.
STPL’s Framework for IT Consultancy is based on:
COBIT-5, ITIL V3 / ITSEC/CC, ISO 27001:2005 / BS 7799, the Sri G. Gopalakrishna Report on Information Security, Electronic Banking, Technology Risk Management, and Cyber Frauds, industry best practices in capacity management, information security and IT operations, RBI guidelines and IDRBT expert opinions.
STPL areas of IT Consultancy and Assurances include:
2. IS Audit and Strategy
- Business Change
- Business Process and Change Management
- Program Management
- Business and Technology Optimisation
- Business & IT Architecture
- IT Performance
- IT Process and Service Management
- IT Strategy
- Cloud Advisory Services
- Service Integration and Management
STPL offers a spectrum of IT audits with the following categories of audits:
STPL’s Methodology in IT Audit:
- Various IT Audits – Application and Migration, Compliance and Regulatory
- Risk Analysis
- Security Concepts
- Health Checks (Security Benchmarking)
- Security Manuals / Handbooks
The Audit Team would interact with
- Chalk out detailed audit plans, checklists, tools for technical audits (operating systems, LANs, etc.)
- Under CobiT: Conduct Audit for all IT processes
- Under ITSEC, CC: Draw up systematic approach for evaluations
- Under BS7799, BSI: List detailed security measures to be used by the bank as best practice documentation
- In addition:
- Audit scope would include general aspects of banking, infrastructure audits, and application and migration audits
Systems and Applications:
- The IT infrastructure personnel and the various teams located at IT installations, including the Data Centre & Disaster Recovery Site
- In addition, the Team would interact with IT Head/Managers, Business Heads representing Credit Division, Planning & Development & CFO, Regional Heads - Risk Management, Head BPRD and the Audit team
An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system's activity.
Information Processing Facilities:
An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
Systems Development and Migration:
An audit to verify that the systems under development meet the objectives of the organisation, and to ensure that the systems are developed in accordance with generally accepted standards for systems development. The Migration audit ensures that the objectives of the organisation have been met as per the requirements of the system and verifies that the standards have been complied with.
Management of IT and Enterprise Architecture:
An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing. This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".
Client/Server, Telecommunications, Intranets, and Extranets:
An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.
An audit of all information system assets, to ensure that they are adequately safeguarded against the risks and vulnerabilities of natural and man-made disasters, by reviewing "general control" and "application control".
The Audit Process
The following would be the general steps in performing the Information Technology Audit Process:
- Studying and Evaluating Controls
- Testing and Evaluating Controls
The preliminary details needed to understand the client’s requirement would be collected by interviewing the client’s personnel and visiting the client’s Data Centre. The consultant would further discuss the matter with the various heads of departments and stakeholders.
The Consultant would generally interact with various officials of the client: the CEO, IT Head/Managers, Business Heads, IT infrastructure staff and the Team.
The Engagement would submit a report covering the following:
- Executive Summary
- Aims & Objectives
- Recommendations and Action plans
- Disseminating information and presenting results