I.T. Assessment Case
An accounting firm in Hong Kong

Size: 20+ Employees
Services: IT Audit and Follow-up Services
Challenge: Different industries have different practices. Our client in this case is an accounting firm with only 20+ employees. The company holds a large amount of highly confidential data with a limited budget for I.T. expenses. The person responsible for I.T. is not fully technically equipped and has trouble dealing with outsourcing vendors. In addition, a lot of bookkeeping work is involved in coping with the large volume of hardcopy records required by regulation.
Results: Identified unreported access paths that let an outsourcing vendor remotely access office servers and workstations. Insufficient awareness of data security among general staff. Duplicated and complicated handling causing an increase in workload and human errors.
Follow-up: Immediate reconfiguration of the firewall to prohibit unwanted access. Different training sessions provided to I.T. and general users. Establishment of a document management system and automation possibilities.

In recent years, with the aggressive growth of the PRC’s economy and businesses, many are struggling to cope with overseas management and security. Our client is no exception. An outdated ERP and a handicapped HR system have cost our client direct monetary loss. With an I.T. team too busy fixing users’ endless daily problems, managers find it almost impossible to communicate and express their business directions and objectives. With continuous reminders in the news of data leakage and loss, managers have turned to our IT audit and service scheme for an evaluation of both technical and business aspects.

Through a series of interviews and inspections, a clearer picture is drawn for the person responsible for I.T. and the management team. Some of the findings include:
  • An unreported access path is established by an outsourcing vendor, allowing free remote access to all servers and office PCs.
  • Virus/Trojan infections are not reported to I.T. personnel. Staff awareness of I.T. security is low.
  • Complicated manual handling of retrieval from a large hardcopy records library, etc.

Follow-Up

Based on our evaluation and in-depth digging into the operation procedures, our team designed a scheme of guidelines and training programs for our client.

Regular training sessions are provided for I.T. personnel to enhance their technical knowledge of daily administration. In addition, a general computer usage and security awareness session is provided to users.

Our team also sourced some document management systems (DMS) for our client in order to minimize human errors in manual handling and bookkeeping. We also studied and performed system integration between the currently used project system and the DMS.

In this case, we have designated our team to train the I.T. personnel to cope with administration and monitoring. In addition, a training session is performed for general users in order to raise their general computing skills and security awareness. With an integrated DMS in place, colleagues are able to retrieve records within seconds, with a higher security level, both in the office and offsite. The automated integration between the project system and the DMS minimizes human handling errors and increases users’ productivity.
