Risk
Consulting

Risk Consulting is a specialized field of management consulting that helps organizations develop strategies to manage business risks through internal audit & control self-assessment initiatives 

Mckell Risk Management Pte Ltd, established in 2017, is a Singapore-based Risk Consulting firm specializing in internal audit and risk solutions for all business sectors.

Dedomena Technologies operates as the Technology Risk Management (TRM) division and serves as the business brand name of the firm.

McKell Risk Assurance Services division provides services in Internal Audit, Control Self-Assessment, Risk Assurance, and Strategic Business Review.

Since our establishment in 2017, we have opted for organic growth, identifying and targeting businesses that would benefit from our specialized services, rather than pursuing aggressive expansion strategies.

Our niche consultancy delivers expert counsel and strategic guidance while implementing practical and tailored risk solutions that generate positive outcomes for our clients, partners, and their evolving communities.

We function independently from any ownership affiliations in connection with Public Accounting Corporations or Corporate Service Provider (CSP) entities in Singapore or overseas.

Our Risk Services

*

Our Risk Services *

Outsourced DPO Services

Basic Services Package

o Ensuring PDPA Compliance

Our facilitation and validation of the Data Protection Self-Assessment conducted through the PDPA Assessment Tool for Organizations (PATO) and Data Inventory Map (DIM) techniques.

Review and develop Data Governance Frameworks, Privacy Statements, Policies and Measures.

o Fostering a Data Protection Culture

Deliver Personal Data Protection Act (PDPA) consultancy services and training programs to all staff members, in accordance with the Personal Data Protection Commission's (PDPC) Advisory Guidelines on Key Concepts in the PDPA.

o Cybersecurity advisory and training

Delivering comprehensive training, professional guidance and disseminating essential information regarding IT risks, information security and cybersecurity fundamentals throughout the organization.

o Efficient Handling of Data Inquiries

o Alert Management on Personal Data Risks

o Liaise with PDPC when required

o Develop and Implement Data Breach Response Plan

Advanced Services Package with add-on

o Advisory services and guided implementation of Data Protection Essentials (DPE), Data Protection Management Programme (DPMP), Data Protection by Design for ICT Systems, and Data Protection Impact Assessment (DPIA).

o Training program’s contents extended to include the Advisory Guidelines on the PDPA for Selected Topics.

o Review or guided implementation of Advanced Data Protection Practices in accordance with the PDPC's Guide to Data Protection Practices for ICT Systems.

Our Basic and Advanced Services packages exclude PDPA compliance audit services, as well as any facilitation and formal validation of comprehensive information technology risk assessment services pertaining to the organization's information security and cybersecurity control measures.

PDPA Compliance Audit

A systematic assessment of the organization’s data protection policies and procedures, conducted based on a risk-based internal audit methodology, evaluates compliance with Data Protection Obligations under the PDPA. This review identifies compliance gaps and risks in data protection practices through controls testing and provide recommendations for remediation plans according to the PDPA and data protection best practices.

Strategic Business Review (PEIs)

We conduct independent business review of Private Educational Institutions (PEI) as required by the credit bureau to assign them the credit rating needed for their registration renewal under the Enhanced Registration Framework (ERF). Key review areas encompass the PEI’s 5-year strategic and financial sustainability plan, governance structures, risk management system, and opportunity identification.

Sustainability Reporting Services

Our sustainability reporting services provide support to organizations in developing and implementing their sustainability reporting roadmap and drafting the sustainability report that align with the GRI standards and other relevant frameworks. We also conduct internal review on the sustainability reporting process in accordance with the International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors.

IT Audit

(A) An independent technology audit encompassing audit program development, execution of test procedures, and issuance of formal reports with authoritative sign-off, detailing findings and proposing remedial measures for systems enhancement, modifications, and upgrades.

[B] Attest to the organization's internal information security and/or cybersecurity infrastructure self-assessment by formally validating the assessment methodology and results.

IT Audit Support for Statutory Audit

Leveraging our specialized expertise in IT auditing, we provide support to Public Accounting Corporations (PAC), in evaluating their audit clients' IT controls. We assess the effectiveness of these controls in safeguarding assets and preventing or detecting material misstatements, enabling them to determine the nature and extent of audit procedures in their audit planning.

We also support PAC in special audit that ensures compliance with MAS's Technology Risk Management Guidelines (TRMG) for Financial Institutions.

Control Self-Assessment (CSA)

Control Self-Assessment (CSA) is an effective risk management tools recommended by the Audit Committee Guidance Committee (ACGC) Guidelines for the Board and audit committees to give an informed opinion on the state of internal controls and risk management systems of the organization.

CSA and internal audits are both methods for evaluating an organization's internal controls, but they differ in their focus and execution. CSA emphasizes proactive involvement by operational staff in assessing their own controls, while internal audits are conducted by a separate, objective function to evaluate existing controls and provide independent assurance. CSA can be used by internal auditors to gather information, focus on high-risk areas, and facilitate effective audit planning.

We work with you to tailor a pragmatic approach that best deploys CSA in your organization.

Risk Management Services

Our firm specializes in technology and operational risk management services, assisting organizations in identifying, assessing, evaluating, prioritizing, and mitigating specific risks that could adversely affect their operations, financial stability, and overall success. Through this systematic and structured approach, we help clients minimize potential losses and enhance their capacity to navigate uncertainties.

Cybersecurity Consulting

We help organizations to measure and track their progress in cybersecurity health by implementing the Cybersecurity Health Check tool developed and launched by the Cyber Security Agency of Singapore (CSA), recommending solutions to close any gaps identified and enhance cybersecurity controls in enabling organizations to attain the Cyber Essentials certification.

Internal Audit

Internal Audit Outsourcing

As the outsourced internal auditor reporting to the Board Audit Committee, we conduct objective and independent internal audits to evaluate your organization's compliance, financial, technological, and operational controls through comprehensive audit planning and execution.

Internal Audit Co-sourcing

We serve as external internal auditors to complement your internal audit department by providing the expertise, insights and assurance you need to deliver against your objectives and meet the board's expectations.

Our internal audit service engagements adhere to the International Standards for the Professional Practice of Internal Auditing, as issued by The Institute of Internal Auditors, and concentrate on one or more of the following key business processes and risk trends:

  • Internal control over financial reporting

  • Financial management

  • Procure-to-pay (Expense Cycle) and order-to-cash (Revenue Cycle)

  • Supply chain, third-party risk and contract management

  • Data Protection (PDPA)

  • Information security and computer operations

  • Cybersecurity

  • Business continuity

  • Regulatory change

  • Sustainability reporting process

  • Enterprise risk management system and policy (including technology risk management)

  • Organizational culture and ethics

  • Health and safety

Clientele and External Partners

Companies listed on the SGX Mainboard, along with their subsidiaries and principal third-party vendors operating in property development and investment, real estate, serviced residences, and construction engineering sectors

Catalist listed company in the water treatment industry

Heavy equipment and mining company in Indonesia

Korean global engineering and construction conglomerate

Multi-specialty hospital in Indonesia owned by
private equity firm & Indonesia-based investment management company

Payment service provider

Software platform developer

Mobile entertainment and marketing services

E-Commerce startup

EdTech

Cryptocurrency and NFT Project company

Private Education Institutions (PEI)

Corporate training services

Social Enterprise

Food and Beverages

Registered Fund Management company

MINDEF-Related Organizations (MROs) including country club and media company

Commodities and Biofuels


Chemical Manufacturing

AND

Our external network of Strategic Collaborative Partners in these sectors:

Public Accounting Corporation

Risk Advisory Firm

Technology Firm

Licensed Cybersecurity Firm

Legal Firm

and professional individuals who possess the Chartered Accountant and/or Certified Internal Auditor credentials

The AI Ethics Movement is Growing at a Strong Pace

Mckell Risk Management has joined the AI Ethics and Governance Movement to promote and raise awareness of AI Ethics in the responsible use and adoption of AI

Along with more than 200 other organizations that support the cause, you can find our company's logo displayed on the Singapore Computer Society (SCS) website