> IT Security and Compliance  
SAP GRC Implementation  
PCI-DSS Compliance  
HIPAA Compliance  
Representative Engagements  
White Papers  




Designing and Implementing IT General Controls to meet Regulatory Compliance Requirements.

Adopting an intelligent approach to IT general control development by:

  • Using external/internal audit findings as the basis for control requirements.
  • Determining and incorporating all applicable regulatory compliance standards.
  • Focusing on core areas of expertise-- access control and remediation.
  • Conducting workshops to ensure buy-in from stakeholders comprising executive management, business risk managers, business owners and legal to ensure a strong governance model.

Achieving Cost Containment with Control Rationalization.

Achieving cost containment by rationalizing controls across:

  • Regulatory compliance requirements.
  • Application platforms.
  • Lines of business and geographies.

Achieving Cost Reduction using World-Class Offshore Delivery Capability.

Achieving cost reduction by:

  • Delivering projects with a world-class offshore delivery capability.
  • Maintaining optimum on-shore to offshore resource ratios to ensure program success.
  • Apply specially designed implementation and delivery blueprints optimized for offshore delivery.

Developing Optimum Solution Architecture.

Designing optimum architectures by focusing on:

  • Meeting business requirements by maintaining requirements traceability.
  • Reconciling orthogonal agendas of risk mitigation measures and business agility.
  • Transforming controls to business enablers.

Assuring Delivery with Leading Project Management Practices.

Assure project delivery by:

  • Reducing the risk of implementation by providing special attention to the planning phase: project estimation, task and resource scheduling, and communications.
  • Reducing the risk of implementation by adopting the agile implementation methodology
  • Regularly providing project status updates to stakeholders, pro-actively escalating issues.
  • Paying due consideration to user acceptance training and user training activities.

Extending Enterprise Risk Framework.

Develop IT Risk Framework by:

  • Advising executive management, risk officers, controllers, and legal on benefits of control rationalization to meet multiple regulatory compliance standards.
  • Aligning IT control development with the broader enterprise risk framework roadmap.
  • Implementing comprehensive reporting modules to enable controllers, risk officers, line of business owners to instantly and continually gauge the level of risk in their current sphere of responsibilities and influence.
  • Developing IT security policies related to deployed IT controls.

Copyright JPN Associates, Inc