Outsourced DPO Services

Basic Services Package

o Ensuring PDPA Compliance

We facilitate and validate the data protection self-assessment conducted by organizations through the PDPA Assessment Tool for Organizations (PATO) and Data Inventory Map (DIM) techniques.

Advise on the development of privacy statements and PDPA compliant policies and protection measures.

o Fostering a Data Protection Culture

Provide PDPA consultancy services, and training and education programs to all staff members based on the Personal Data Protection Commission's (PDPC) Advisory Guidelines on Key Concepts in the PDPA.

o Efficient Handling of Data Inquiries

o Alert Management on Personal Data Risks

o Liaise with PDPC when required

o Develop and Implement Data Breach Response Plan

Advanced Services Package with add-on

o Advisory with guided implementation of the Data Protection Essentials (DPE), Data Protection Management Programme (DPMP), Data Protection by Design for ICT Systems, and Data Protection Impact Assessment (DPIA).

o Training and education program extended to include the Advisory Guidelines on the PDPA for Selected Topics and the Guide to Basic Anonymisation.

o Advise with guided implementation of Advanced Data Protection Practices in accordance with the PDPC's Guide to Data Protection Practices for ICT Systems.

PDPA Audit

A systematic assessment of the organization’s data protection policies and procedures, conducted based on a risk-based internal audit methodology, evaluates compliance with Data Protection Obligations under the PDPA. This review identifies compliance gaps and risks in data protection practices through controls testing and provide recommendations for remediation plans according to the PDPA and data protection best practices.

Strategic Business Review (PEIs)

We conduct independent business review of Private Educational Institutions (PEI) as required by the credit bureau to assign them the credit rating needed for their registration renewal under the Enhanced Registration Framework (ERF). Key review areas encompass the PEI’s 5-year strategic and financial sustainability plan, governance structures, cost rationalization program, risk management system, and opportunity identification.

Sustainability Reporting Services

Our sustainability reporting services provide support to organizations in developing and implementing their sustainability reporting roadmap and drafting the sustainability report that align with the GRI standards and other relevant frameworks. We also conduct internal review on the sustainability reporting process in accordance with the International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors.

IT Audit and Risk Assessment

(A) An independent technology audit encompassing audit program development, execution of test procedures, and issuance of formal reports, detailing findings and proposing remedial measures for enhancement to IT controls, systems, modifications, and upgrades.

(B) Attest to the risk and control self-assessment conducted by the organization on its IT systems by formally validating the assessment methodology and results.

(C) Our Data Protection Officer (DPO)-as-a-Service incorporates IT risk assessment components, with scope and depth tailored to meet specific client requirements.

(D) Our Internal audit services consistently encompass the evaluation of the adequacy and effectiveness of the organization’s IT controls as per regulatory and licensing requirements, and organizational business objectives.

IT Audit for Statutory Audit

IT audit that supports financial statement audit by examining the technology that handles financial data.

Singapore Standard on Auditing (SSA) 315 (Revised) requires the auditor to identify and assess the risks of material misstatement in the financial statements, through understanding the entity and its environment, including the entity’s IT control. With an in depth understanding of the entity’s IT environment, it enables the auditor to identify the IT risks, and to design and implement appropriate audit responses to address those identified risks

Leveraging our specialized IT audit expertise, we provide support to Public Accounting Corporations (PAC), in evaluating their audit clients' IT controls in their effectiveness in safeguarding assets, and preventing or detecting material misstatements, enabling the external auditors to determine the nature and extent of audit procedures.

Control Self-Assessment (CSA)

Control Self-Assessment (CSA) is an effective risk management tools recommended by the Audit Committee Guidance Committee (ACGC) Guidelines for the Board and audit committees to give an informed opinion on the state of internal controls and risk management systems of the organization.

CSA on financial reporting quality is a process where a company's employees from the finance, operation and business functions evaluate the effectiveness of their internal controls over financial reporting. It helps ensure that financial statements are accurate, reliable, and compliant with accounting standards and regulatory requirements, thereby reducing the risk of material misstatements.

CSA and internal audits are both methods for evaluating an organization's internal controls, but they differ in their focus and execution. CSA emphasizes proactive involvement by operational staff in assessing their own controls, while internal audits are conducted by a separate, objective function to evaluate existing controls and provide independent assurance. CSA can be used by internal auditors to gather information, focus on high-risk areas, and facilitate effective audit planning.

We work with you to tailor a pragmatic approach that best deploys CSA in your organization.

Risk Management Services

Our firm specializes in technology and operational risk management services, assisting organizations in identifying, assessing, evaluating, prioritizing, and mitigating specific risks that could adversely affect their operations, financial stability, and overall success. Through this systematic and structured approach, we help clients minimize potential losses and enhance their capacity to navigate uncertainties.

Cybersecurity Consulting

We help organizations to measure and track their progress in cybersecurity health by implementing the Cybersecurity Health Check tool developed and launched by the Cyber Security Agency of Singapore (CSA), recommending solutions to close any gaps identified and enhance cybersecurity controls in enabling organizations to attain the Cyber Essentials certification.

Internal Audit

Internal Audit Outsourcing

As the outsourced internal auditor reporting to the Board Audit Committee, we conduct objective and independent internal audits to evaluate your organization's compliance, financial, technological, and operational controls, and risk management systems through comprehensive audit planning and execution.

Internal Audit Co-sourcing

We serve as external internal auditors to complement your internal audit department by providing the expertise, insights and assurance you need to deliver against your objectives and meet the board's expectations.

Our internal audit service engagements adhere to the International Standards for the Professional Practice of Internal Auditing, as issued by The Institute of Internal Auditors, and concentrate on one or more of the following key business processes and risk trends:

• Internal control over financial reporting

• Financial management

• Procure-to-pay (Expense Cycle) and order-to-cash (Revenue Cycle)

• Supply chain, third-party risk and contract management

• Data Protection (PDPA)

• Information security and computer operations

• Cybersecurity

• Business continuity

• Regulatory change

• Sustainability reporting process

• Enterprise risk management system and policy (including technology risk management)

• Organizational culture and ethics

• Health and safety