IT Assurance Services And Role Of CA In BPO-KPO. IT Enabled Services And Emerging Technologies

Transcription

1 IT Assurance Services And Role Of CA In BPO-KPO IT Enabled Services And Emerging Technologies Chapter 2: Facilitated e-learning Part 1 of 2 CA M S Mehta, FCA 1

2 IT Assurance Services and Role of CA in BPO-KPO Task Statements 1.6 Consider the impact of deployment of key existing and emerging technologies. Knowledge Statements 1.8 Knowledge of Functioning and impact of key emerging technologies. 2

3 IT Assurance Services AND Role Topics Covered of CA in BPO-KPO Introduction Opportunities for CAs IT Consulting & Assurance services by CAs Business Process Outsourcing 3

4 Introduction Information Technology has pervaded every aspect of an Enterprise IT adoption carries some threats. Threats can be different for SMEs or Large Enterprises. The threats to SME relate more to size and limited manpower. In large enterprises it could be due to over dependency onkey personnel. 4

5 Why CAs require IT Competencies CAs need to embrace IT due to the very reason that IT is a key enabler in enterprises CAs require IT competencies, For survival with everything turning digital, online and E-returns, E- reports..the very subsistence depends on IT competencies. CA firms have to use IT in their own offices to provide services. To avail new opportunities With automation of their client s operations resulting in most of the client s data turning digital, new opportunities exist in Assurance & Consulting areas. 5

6 Opportunities for CAs Opportunities exist in Auditing, Assurance as well as consulting areas. CAs can develop innovative delivery capabilities for new service offerings to existing /new clients. CAs can provide services in the areas of:- IT Governance, Risk Management, Compliance Assurance, Consulting and Implementation 6

7 Empowering CAs Steps for developing IT capabilities To develop the capabilities & build technological infrastructure, the prerequisites will be based on following:- Identifying areas of Specialization. IT Skills and Competencies. Assessing the existing and future applications. Determining Type of Technology Infrastructure required. Service Delivery Methodologies. IT Culture & Training. Right Migration Plan. 7

8 IT Consulting & Assurance Services by CAs CA can use global best practices for Consulting & Assurance services. COBIT 5 is one such framework. These processes have detailed management practices, input-output matrix, RACI chart and activities. From these processes, proposals can be prepared regarding scope & objectives of the assignment. Extracted contents from processes can be customised and used as benchmarks. 8

9 IT Consulting & Assurance Services by CAs Sample areas for CAs to use COBIT:- EDM01 Set and Maintain the IT Governance Framework. In this area CA could adopt the best practices as per COBIT:- Scope Analyze requirements. Objective Provide a consistent approach integrated and aligned with the enterprise governance approach. Areas of Review Evaluate design of enterprise governance of IT. Direct the Governance System. Monitor the Governance System. 9

10 IT Consulting & Assurance Services by CAs APO02 Define IT Strategy Planning Scope Provide a holistic view of the current IT environment & future direction. Objective Communicate the objectives to be understood by all Areas of review Understand enterprise direction. Define the target IT capabilities. Define the strategic plan and road map. Communicate the IT strategy and direction. 10

11 IT Consulting & Assurance Services by CAs APO12 Manage Risk Scope Continually identify, assess and reduce IT related risks Objective Integrate the management of IT related enterprise risk with overall enterprise risk management Areas of review Collect data. Analyse risk. Maintain a risk profile. Articulate risk. Define a risk management action portfolio Respond to risk. 11

12 IT Consulting & Assurance Services by CAs APO13 Review IT Security Management Scope Define, operate and monitor a system for information security management Objectives Keep the impact and occurrence of information security incidents within the enterprise's risk appetite levels. Areas of review Establish and maintain ISMS Define and manage an information security risk treatment plan. Maintain and review the ISMS. 12

13 IT Consulting & Assurance Services by CAs MEA03 Compliance with External Requirements Scope Evaluate processes are compliant with laws, regulations and contractual requirements. Objectives Ensure that the enterprise is compliant with applicable external requirements. Areas to review Identify external compliance requirements Optimise response to external requirements Confirm external compliance Provide assurance to external compliance 13

14 IT Consulting & Assurance Services by CAs DS04 Manage Continuity Scope Etablishing a business plan to respond to incidents and disruption Objectives Continue critical business operations and maintain availability of information at a level acceptable to the enterprise in the event of a significant disruption. Areas review to Define the business continuity policy, objectives and scope. Maintain a continuity strategy. Develop and implement a business continuity response. Exercise, test and review the business continuity plan Manage, maintain and improve the continuity plan. Conduct continuity plan training Review backup arrangements Conduct post resumption reviews. 14

15 How a Chartered Accountant could play a significant role in areas like outsourcing using these practice areas 15

16 Business Process Outsourcing Outsourcing of activities/services by an organisation takes advantage of core competences of Service Providers in those areas, so that the organization can concentrate on its core business. Many IT enabled companies provide outsourcing solutions/services. Outsourcing deals with fringe business activities such as customer care, finance and HR. Purpose is to cut on costs and take advantage of core competency of others 16

17 Knowledge Process Outsourcing A subset of BPO. Involves outsourcing of core functions that help in value addition. More specialized and knowledge based than BPOs Include services related to:- R&D, Capital and insurance market, legal services, biotechnology, etc. 17

18 BPO-KPO-IT Enabled Business Processes Medical Transcription Legal Transcription Data Entry and Processing Act of converting voice-recorded medical Reports into text Converting audio dictation by legal professionals and other recordings from legal cases into the printed word Area of accounting and many other business processes are increasingly being outsourced because of cost effectiveness IT Helpdesk Suport Provides a single point of contact service to end users for all kinds of IT support. Application Development Involves Outsourcing of development as well as maintenance and support of applications 18

19 Outsourced Services-Risk Privacy & Confidentiality Attrition of staff Legal Compliances Timeliness 19

20 Outsourced Services-Control Access Controls HR Controls Good Processes Quality Assurance Compliance Management Contingency Backup Plans & 20

21 CA providing Assurance to outsourced services can use COBIT-Example Compliance with external requirements: An Indian BPO service provider is bound to comply with the various provisions of Indian laws which impact the outsourcing industry. CA can use MEA03 Compliance with External requirements discussed earlier to:- Identify external compliance requirements. Optimise response to external requirements. Confirm external compliance. Provide assurance for external compliance. 21

22 CA providing Assurance to outsourced services can use COBIT-Example Managing Business Continuity Most of the SLAs of BPOs provide for provision of services during disaster also. CA can use DS04 : Manage Continuity to provide assurance Whether the organisation has a defined business continuity policy, with clear objectives and scope. Whether organisation maintains a continuity strategy. Whether the organisation has developed and implemented a business continuity response plan. Whether the organisation exercises, tests and reviews the business continuity plan. Whether the organisation reviews, maintains and improves the continuity plan. Whether the organisation conducts continuity plan training. Whether the organisation manages backup arrangements. Whether the organisation conducts post resumption reviews. 22

23 References o.asp ledge-process-outsourcing-kpo finition_and_solutions 23

24 IT Assurance Services And Role of CA In BPO-KPO We have Learnt About Introduction Opportunities for CA s IT Consulting & Assurance services by CA s Business Process Outsourcing 24

25 IT Assurance Services And Role of CA In BPO-KPO Thank You 25