IT Process and System Audits

IT Process and System Audits

We provide independent audit services in connection with information technologies to assess the compliance of your business practices, information technologies infrastructure and processes with the legislation, standards and best practices. As a result of our works, we present you applicable improvement recommendations to reduce current weaknesses and risks and to strengthen your IT governance structure and existing controls.

BRSA IT audits in connection with Bank, Payment and Electronic Money Enterprises

GÜRELİ is one of the 6 institutions that received authorization from the Banking Regulation and Supervision Agency (BRSA) to audit information systems. We perform information system audits at the enterprises that are under the supervision of the BRSA, in accordance with the BRSA regulations and based on the COBIT® Information Systems Management Model, in order to present reports regarding the risks and process maturity levels of information systems.

It has become compulsory to audit the payment and electronic money enterprises, which will carry out activities in accordance with the Law No: 6493 on “Payment and Securities Reconciliation Systems, Payment Services and Electronic Money Enterprises”, by independent audit companies that are authorized by BRSA at the process of seeking permission and every two years after getting permission. During this process, GÜRELİ conducts independent audit of information systems according to this Communiqué and reviews your company’s information systems structure and assesses the compliance of such structure with the Communiqué and provides support for the identification and improvement of missing elements.

Audit of Information Technologies Control Goals for Turkish Bankers Association – Risk Center Members

The Turkish Bankers Association sent a notification Letter no 51128 to Risk Center members on October 1^st, 2014 in connection with the “Measures to be taken by the members for the purpose of ensuring accuracy, safety and currency of the information transmitted and kept by the Risk Center” and “Control Goals to be used in the control of the measures to be taken by the members”.

Member enterprises are expected to ensure compliance of their information systems with the control goals as of January 1^st, 2015. In this context, GÜRELİ  provides consulting services or audit services in terms of compliance with the control goals.

Information Security Services

Information Security Audits

Support and consultancy services are listed below under the following headings for identifying and eliminating weaknesses  in the structure of your IT processes, technology infrastructure and systems.

• Information security process and service reviews,
• Network and infrastructure security audits,
• Application security and access controls reviews,
• Supplier and Cloud services security management.
• Information Security Management Systems Consulting

While the information systems keep evolving and changing continuously, information security risks which your company may be exposed constantly change as well. We provide the following support services to secure your business processes, systems and data against possible threats and to ensure compliance of information security structure of your company with the international standards and to implement the standards such as ISO 27001, PCI-DSS, NIST Cybersecurity Framework at your Company.

• Preparation of preliminary review and adaptation roadmap
• Establishing the policies, procedures and supporting documentation
• Increasing internal communication and employee awareness
• Support for sustaining complience.
• Security Surveillance Systems Consulting

Efficient surveillance mechanisms and processes should be established so that information security breaches that may occur in your company systems can be identified in a timely manner and prevented from harming your company. We provide consulting services to develop your system infrastructure and processes to enable you to monitor your systems efficiently by using the resources of your company in the most efficient way and to increase your awareness of information security events in connection with the events that might take place within your company.

IT Risk and Control Management Consulting

We provide risk and control management consulting services so that you can minimize the adverse effects of information technologies risks on your company’s business processes and activities and choose the most appropriate and cost-effective solutions for your organization while you manage your risks. In this regard, we also provide support in terms of creating your risk management structure by identifying, classifying, assessing and taking the right steps against your existing risks and assist you to choose the software.

IT Governance Consulting

We provide efficient proposals and roadmap service for the assessment and improvement of your information technology processes and governance under the international frameworks and standards such as COBIT, ITIL, Val IT, Risk IT, ISO38500: 2015, CMMI etc.

Data Analytics, Continuous Audit and Surveillance Consulting Services

We provide data analytics, continuous audit and surveillance services for your company to avoid financial and loss of reputation risks which might arise from legal requirements, abuse and operational inefficiency and to identify such risks in a timely manner. With regard to these services, we provide support by reviewing your business processes and ever-growing data by using data analytics and advanced analysis techniques and offer meaningful and actionable results so that you can implement them. The purpose here is to increase the efficiency of your internal audit and control departments, reduce their costs, anticipate potential misuse, mistakes and abuses and increase the assurance that you can give to the top management by reviewing all your data beyond sampling. This also allows you to make audits more frequently and in a shorter period of time by using less resources instead of your periodical audit activities.