
IT Project/Program Management, Agile and DevOps

• Project Co-ordination/PMO

• IT Transformation & Transition

When old security controls are in place and new security controls have been issued by BSI (British
Standards Institution), a transition plan has to be created.

• IT Service Management/ IS Governance

ISG – any process of aligning your IT resources and practices with your organisation's goals and
company stakeholders. The main aim is that all information systems are effective and in compliance
with all standards and regulations.

• IT General Controls

Part of the statutory audit. ITGC and ITAC (Automated Control) have their own set of requirements.
Ask the clients for evidence. Requirements list – user access management, asset management, business
continuity plans, business recovery plans, password management plans, network security. Ask for
evidence of these and evaluate on that basis. ITGC is a small part of ISO 27001 – the requirements
of the security controls are in ITGC.

• Sarbanes Oxley (SOx)

It’s a standard

• Application Controls - ITAC

Audit of ERP tools, Oracle tools and other tools.

• Internal Financial Reporting (IFC)

• Internal audits / internal controls / IT Audits

Conducted at the organisational level. Call on all business processes. Go control by control to see
what is applicable or not, find the gaps and go in depth into what the risks are: risk assessments
(you ask them why internal audit is important), user access, asset requirements, whether NDAs are
maintained, background verification of employees, third-party vendor assessment, whether SOPs are
maintained, your work etc., and whether ISO standards are adhered to.

• Information Security

• Service Organization Controls Reporting (SOC1 / SOC2 / SSAE 16 / ISAE 3402)

The "father" of ISO. ISO has 93 controls and SOC has 250 controls, so it is much more detailed.
Confidentiality, Integrity, Privacy, Security and Availability are the 5 parameters of SOC. There
are 2 types of SOC: Type 1 and Type 2.

• Assessing IT controls frameworks, including testing of design and operational effectiveness

Can be done against various certifications like ISO. ITGC – effectiveness of IT controls: how are
you following the various parameters, and what security measures have you implemented in the
organisation, adhering to ISO methods. BCMS – Business Continuity.

• Developing IT risk remediation strategies

Done by conducting gap assessments, then internal audits; identifying risks by understanding all
business processes; after identification, mitigating all the risks; and maintaining a separate risk
register document. Formulating risk assessment policies and defining them for the organisation.

• Performing and interpreting gap analysis

As per ISO standards, understand all business processes. From the document called the Statement of
Applicability you can assess which controls are applicable to the organisation and find all of the
organisation's gaps. E.g. if a firewall isn't there, that's a gap, so they need to implement it; if
there is no antivirus, they must implement it.

• Business Continuity Management

If you have a business, you should always document a BC plan, which should have a number of
incidents documented, saying what the next step of action will be if any mentioned incident happens.
How much downtime you can afford should also be documented (MTO, RPO). DR (Disaster Recovery)
drills will be conducted.

• Software Asset Management

Software assets within the organisation should be documented and defined in a policy which says
that they should be classified – data classification should be in place, and based on that the
software is classified by criticality.

Assessment of software – regular VAPT (Vulnerability Assessment and Penetration Testing) helps to
identify vulnerabilities in the software.

ISO Standards – ISO27001 International Organisation for Standardization

Information Security Management System

2013 is the old standard; transition to the new 2022 standard – implement the new standard.

GEORGE MATHEW – PARTNER FOR 14 YRS AND CA. Switched to info systems audit 17 yrs back, another
Big 4, then to EY

INTERVIEW WITH SOUTH ASIA DIRECTOR OF

EY INDIA ACHIEVED A MILESTONE – FINANCIALS DAILY – BILLION DOLLAR REVENUE FROM INDIA
OPERATIONS AND BULK OF IT COMES FROM CONSULTING.

TAX PRACTICE, MERGERS AND ACQUISITIONS AND FORENSICS BUT BULK OF REV COMES FROM
CONSULTING

ECO TIMES INTERVIEWED HEAD OF COMPEDES – YOU ARE NO. 2 IN CONSULTING IN INDIA AND
ANOTHER IS THREE, WHEN DO YOU SEE YOURSELF AT NUMBER ONE CONSULTING BRAND IN INDIA
LIKE EY – SAYS WE ARE STILL A COUPLE OF YEARS AWAY.

PI PRACTICE, US PRACTICE, TRANSFORMATION IS THE BUZZ WORD, NEW AGE SOLUTIONS
ADDRESSING THE CONCERNS.

WHAT DO WE DO IN CONS?
NOTHING AND SOUTHING, PEOPLE CONSULTING

TECH – ORACLE, CYBERG, AI, ETC


BUS CONSULTING – RISK CONSULTING – ENTERPRISE AND TECH RISK – ANALYTICS

4 SERVICE LINES – IN CONSULTING 3 PILLARS AND YOU IN BUS CONSULTING

AS A TEAM – ENGAGEMENT IS THE KEY TO SUCCESS – JOIN HANDS, PROVIDE INPUTS TO ADD AND
DELIVER VALUE TO CLIENT. WE SHOULD HAVE A MINDSET TO LISTEN TO OTHERS AND NOT JUST BE
IN OUR OWN PRESCRIBED WORLD – CONTRIBUTE TO A THOUGHT PROCESS – COLLABORATION.

FUELLED BY PEOPLE AND INNOVATION – PEOPLE ARE THE ASSETS FOR THEM – SINCE YOU WILL
WORK HARD, COLLABORATE AND DELIVER ENGAGEMENTS. - BASIC PHILOSOPHY.

RECENT PRIVACY REGULATION NOT YET DECIDED BY PRESIDENT.

PEOPLE FROM DIFF BACKGROUNDS HERE FOR A REASON – VARIOUS CLUBS IN EY FOR LIKE-MINDED PEOPLE.

WHAT WE DO
HANDING OVER NON-CORE ACTIVITIES TO THIRD PARTIES

WHEN ENGAGING WITH A PLETHORA OF THIRD PARTIES HOW TO ENSURE SECURITY? WHAT IF THE
THIRD PARTY MISUSES THE DATA THAT YOU SHARED?

KEEP A VERY KEEN EYE HOW THESE GUYS ARE MANAGING THEIR DATA AND CONFIDENTIALITY OF
THEIR CUSTOMERS

THEY HAVE CONTROLS DESIGNED – CHECK IF THEY ARE OPERATING EFFECTIVELY. THAT’S WHAT
WE DO

COMPLIANCE REPORTS, SOFTWARES, SAVING MILLIONS OF DOLLARS

YOU ARE A PART OF FINANCE TEAM AND THEY COME AND ASK IF THEY WANT TO BUY 100 TRUCKS.
A LOT OF QUESTIONS ON THE REQUEST TO BUY AN ASSET – CLOSELY SCRUTINIZED, SO WHEN
BUYING SOFTWARE THERE IS A NEED FOR SCRUTINY AS WELL. HELP COMPANIES SAVE A LOT OF
MONEY BY LOOKING AT WHAT THE EMPLOYEES ARE DOING ON A DAILY BASIS AND WHAT
SOFTWARE THEY USE AND BY ANALYSING THEIR VOLUME OF RENEWAL – SAVE A LOT OF
MONEY

APPLICATION LIFECYCLE MANAGEMENT

WATERFALL MODEL – DEV A MODEL WITH SEQUENTIAL CHANGE

TAKES COUPLE OF WEEKS OR MONTHS TO IMPLEMENT

IN TODAY’S WORLD – NEED IT TO BE DONE QUICKLY – AGILE DELIVERY: CONCEIVE, IDEATE

DEPLOYMENT CHANGE

THEY DEPLOY 1 CHANGE EVERY 9 OR 11 SECS

UNLESS THEY ADAPT TO THESE CHANGES – THEY WILL BE OUTDATED – SO WE HELP CLIENTS
IN THIS

CONTRACT FARMING – IN ORDER TO HELP IMPROVE FARMERS AND PRODUCTIVITY –
COMPREHENSIVE, INNOVATIVE AND SHOW INFO IN STATE – DATA REQUIRED

DATA IS A NEW OIL – MUKESH AMBANI

IF SOMEONE KNOWS HOW TO ANALYSE DATA – CAN MAKE A LOT OF MONEY


NEED TO HAVE SECTOR EXP AND INN – HOW IT IS BENEFICIAL FOR THE SECTOR

LOOKING FOR PEOPLE – INTEGRITY AND RESPECT FOR EACH OTHER

ENERGY AND ENTHU – COURAGE TO BRING ABOUT A CHANGE

RELATIONSHIP BUILDING

BRAND BUILDING BY A LOT OF EXPERIENCE YOU GAIN AT WORK – TECH MBA – BADGES – ONLINE
PROGRAMS YOU SELECT – COULD BE ANYTHING – BADGES YOU ACQUIRE AS PER THE KNOWLEDGE YOU
GET IN THAT AREA OF EXPERTISE

Ecosystem where their people continue learning while working with us


Your commitment to work – ownership, eye for detail, committed – can I entrust you with work
without any supervision. If you are able to demonstrate this – EY!

EY JOURNEY
ASSOCIATE CONSULTANT AND THEN YOU MOVE ON
