IT Auditing & Assurance

There are a multitude of threats that can exploit vulnerabilities. CSB Group offers tailored audits, process reviews and risk evaluations of automated information processing systems. When needed, our professionals work hand in hand with a team of individuals, all specialised in their respective fields and areas based on the systems under review. Our professionals have been involved in various online businesses including the remote gaming industry since its inception in Malta in 2004.

Our IT Assurance practices will ensure that you:

  • are aligned with your organisation’s strategies;
  • remain risk-focused;
  • promote sound IT controls;
  • create and maintain solid cyber security mechanisms;
  • ensure the timely resolution of audit deficiencies;
  • maintain effective and cost-efficient risk management methodologies; and
  • comply with the latest regulations and benchmarked practices.

Our IT experts / IT security specialists

Our team will collaborate with you in building an audit plan which is suitable to your business and will endeavor to maximize your potential to address security, compliance and overall risks.

Services offered in Malta

1. Malta Gaming Authority review engagements

  • Systems and compliance reviews under the terms of reference issued by the Malta Gaming Authority. These statutory reviews, required of remote gaming licensees, are offered to those who seek to be licensed or to maintain an active licence with the Authority.

2. UKGC ISO/IEC 27001:2013 information security audits

  • Section 1.10 of the Security standards – annual security audits of the UKGC’s Testing Strategy for compliance with remote gambling and software technical standards, dated June 2017, sets out the Commission’s current requirements for the timing and procedures for testing.
  • Accordingly, the UKGC mandates that remote gaming licensees undergo an annual security audit conducted by an independent and suitably qualified auditor. The testing strategy to be implemented by the auditor is based on the relevant sections of ISO/IEC 27001:2013, which are summarised in chapter 4 of the UKGC’s Remote Gambling and Software Technical Standards (‘RTS’), dated June 2017.

3. Readiness assessments in preparation for:

  • the systems and compliance reviews performed by the MGA; and
  • the UKGC ISO/IEC 27001:2013 information security audits.

4. Business continuity and disaster recovery planning

Business continuity enables a business to continue offering critical services in the event of a disruption and to survive a disastrous interruption to activities. This is an exercise to identify the business processes of strategic importance.

Disaster recovery planning ensures that effective controls and measures are in place to prevent possible IT disruptions and to recover the IT capacity of a business in the event of disruption.

CSB Group can also assist with the development and testing of the above-mentioned plans to minimise the risk exposure involved in the occurrence of such events.

5. ISO/IEC 27001 Information Security Management System assessments

CSB Group can assist the management in building a framework for continuous compliance and sustainability over your information systems operations. The results would lead to streamlined and more efficient processes with the benefit of cost savings.

Information systems operations is an area that encompasses the daily support of a business’s information system hardware and software environment, which includes:

  • networking – infrastructure & security (firewalls, switches, access points, intrusion detection system (IDS), intrusion prevention system (IPS), penetration testing)
  • servers & virtualisation – strategy, security & administration (service levels, access control – physical & logical)
  • storage & backup
  • environmental controls (water and smoke detectors, handheld fire extinguishers, fire suppression systems, fireproof walls, floors and ceilings of computer room, electrical surge protectors, wiring placed in electrical panels and conduit, uninterrupted power supply, documented and tested emergency evacuation plans, humidity and temperature control)

We assess our clients’ aptitude against the ISO/IEC 27001 standards, the only auditable international standard that defines the requirements of an Information Security Management System.

6. Risk analysis

Every organisation faces a variety of risks that can be classified into two categories: internal and external risks. Performing a risk analysis helps identify such risks and vulnerabilities so as to determine the controls needed to mitigate them. It is a process of identifying vulnerabilities and threats to the information resources used by an organisation in achieving business objectives, and of deciding what countermeasures, if any, need to be taken in order to reduce risk to an acceptable level, based on the value of the information resource to the organisation.

7. Risk identification

CSB Group assists clients with carrying out a risk identification exercise, which would consist of an interactive cycle to:

  • identify business objectives;
  • identify information assets and the underlying systems or information resources that generate / store, use or manipulate the assets critical to achieving these objectives;
  • perform risk assessment – to identify threats and determine the probability of occurrence, the resultant impact and additional safeguards that would mitigate this impact to a level acceptable to management;
  • perform risk mitigation – establish controls that should prevent or reduce the likelihood of occurrence, detect the occurrence, minimise the impact or transfer the risk; and
  • perform risk treatment – performed through a cost-benefit analysis where controls to mitigate risks are selected to reduce risks to a level acceptable to management.

The effectiveness of the above relies on an ongoing process to continually identify and evaluate risks as they arise and evolve.

Preparation of Systems Documentation for Online Businesses

CSB Group has been involved in various online businesses including the remote gaming industry since its inception in Malta back in 2004, by assisting international clients and well-renowned brands with the submission and pursuance of remote gaming licence applications with the Malta Gaming Authority (MGA). CSB Group has through the years gained the relevant experience whilst realising that clients have individual requirements, providing a professional consultancy service that is tailor-made to each and every client.

As part of the gaming application process with the MGA, the applicant needs to provide extensive documentation and information of the proposed Control System and Gaming System. Without the necessary guidance, this can be a laborious and frustrating process. The details provided must be accurate, realistic and achievable since the MGA will appoint an independent third-party reviewer to conduct a Systems Audit to ensure the Systems Documentation complies with the MGA regulations and guidelines. Control complexity will vary according to the business model and scale of the applicant’s operations; however, the Authority insists on comprehensive and extensive documentation.

Our involvement during the Systems Documentation will enable the applicant to dedicate the necessary efforts towards the strategic and marketing functions, which are of utmost importance prior to going live with the operations. As the Systems Documentation preparation cannot be achieved without access to the applicant’s financial, operational and technical team, our team would need to work hand in hand with the applicant’s key representatives to ensure detailed and concise Systems Documentation.

CSB Group
+356 2557 2557