Security & Controls
Your reliance on systems increases year by year, and the sophistication with which those system interact with one another grows in line with this There is a parallel increase in the risks present in these systems as their complexity makes it hard to track and understand the gaps that inevitably develop, which make your systems and data prone to some level of risk.
We can help you determine where risks exist, and formulate effective responses to manage and mitigate these. Since so many risks relate to security, our review includes a considerable security component.
We can map the outputs of our review to various standards to suit different needs, including Cyber Essentials, GDPR, ISO27001, SOC2 and cyber-insurance renewals.
Accountants and lawyers are assumed to be trusted guardians of client data. There are any number of technological solutions to help maintain privacy and security, but as the challenges and the solutions become more complex you need expert insight and advice to ensure they are being correctly applied.
We provide varying levels of service to help you:
- One-off reviews, for you to get an overview of your situation or meet a particular need such as an insurance renewal
- Repeat reviews, as above, typically on a annual or half-yearly basis
- Fractional CISO (Chief Information Security Officer), working alongside your internal technology team, providing on-going expert insight and advice without the commitment of a full-time CISO
Auditors must increasingly provide insight into IT general controls, especially where these can lead to risk of material misstatement or consequential serious impact. If your firm needs more experts and expertise in this field, especially for those clients with large ERP platforms or with many interconnected systems, we can help.
Our review process can be mapped to ISA315 requirements, providing you with a turnkey solution that you can package into your own audit service with a minimum of effort; alternatively, we can simply provide an opinion or insight if you need some extra help.
Major Systems
From time to time firms will undertake the replacement of a major system. This can be a daunting task, as it places great demands on the IT team and users, and also often has impacts far beyond the system being replaced, especially in terms of data and process change.
Major systems are usually expensive and making the wrong choice of system or supplier can lead to an unsuccessful or suboptimal result. The cost and resource commitment expended means that this will have to be endured for years, and so the stakes of “getting it right” are considerable.
We have a great deal of experience in determining what a new system must deliver, selecting the right solution and vendor, procuring software and services, and setting out a realistic path for the project to migrate to the new environment.
Our particular areas of expertise are set out below.
At the heart of a firm is its practice management system (PMS). Many of these systems are really quite ancient, with technology often twenty or more years old. Changing PMS is not for the feint-hearted however. Over the years, most PMS evolve to cater for many nuanced operations within a firm, detailed reporting requirements, and countless integrations.
We can help you really understand what your PMS needs to do and help you review the market (both within your sector and outside of it, and to include both PMS and ERP systems). We also look at data and processes, and formulate better data architectures and improved processes. We help you migrate data and implement process change.
Client Relationship Management (CRM) is probably the least well-understood software in professional firms. Its very flexibility and agility can make it very hard to specify, and its overlaps with other systems – often quite old, legacy systems – can make integration and implementation a particular challenge.
We have extensive experience with most leading CRM systems, both general market and industry specific, allowing us to advise you on their selection, implementation and, most importantly, their adoption.
CRM can be the most powerful tool you ever deploy to support business development and pro-active client engagement. But choosing and using it well is a subtle art, and CRM has perhaps the biggest gap between what vendors want to supply, and the precise needs of your firm. It is a gap we can fill, increasing the chances of a successful deployment.
Document Management Systems (DMS) have been in use at most firms for many years, and most of our clients are now on their second or third iteration of these systems.
However, in recent years the market has progressed considerably, particularly with the advent of cloud-based systems. These are also evolving from being back-office repositories into more integrated and client-facing systems, often providing portal and e-signing facilities alongside traditional storage functions.
We have extensive experience of choosing a new DMS, migrating what can be very substantial amounts of data, and defining and helping with the adoption of new processes to make the most of a next-generation DMS in your firm.