IT-Audit
Multicont analyses and evaluates Internal Control Systems (ICS) and IT-systems. We audit service organizations, issue software certificates and perform IT-audits within the framework of financial audits.
ICS-Audit
ICS as a Service
Data analysis
Audit of service organisations
test
IT-Audit within the framework of financial auditing
ISO 27001 for information security management
SWIFT CSP Assessment
ICS-Audit
ICS-Audit
Das Interne Kontrollsystem (IKS) soll eine effektive und effiziente Geschäftstätigkeit gewährleisten, eine korrekte und zuverlässige Rechnungslegung sicherstellen und die Einhaltung rechtlicher Grundlagen garantieren. Die Prüfung von Internen Kontrollsystemen zielt darauf ab, Systemfehler zu reduzieren sowie bereits aufgetretene Fehler festzustellen und zu beheben.
Multicont tests existing Internal Control Systems in accordance with ISAE 3402 for their effectiveness, efficiency and provides a risk assessment and recommendations for improvements in weak areas.
Multicont offers training, seminars and customised handbooks in the area of ICS.
ICS as a Service
ICS as a Service
Setting up an adequate Internal Control System is a big challenge for small and mid-sized businesses in so far as observing and following the legal requirements.
We provide support to businesses who want to set up and monitor an adequate internal control system. Our web-service based ICS-tool administrates control procedures and centrally processes and stores evidentiary documents. Reminder e-mails are automatically sent to responsible parties and the supervisory board and management can be informed with our automatic reporting function.
The data is stored in an Austrian banking data centre which follows the highest international security standards.
Data analysis
Data analysis
Important management decisions are often based on the continually ever growing amounts of complex data collected. Erroneous and or incomplete data can result in poor management decisions and can also result in faulty reporting to the financial market authorities.
Multicont analyses large quantities of data with the purpose of detecting errors and inefficiencies in data management, any potential risks and weaknesses as well as indications of fraud.
Further, we audit data for completeness and accuracy with the purpose of maintaining and ensuring reporting compliance to the financial market authorities.
Audit of service organisations
Audit of service organisations
When a business outsources important functions they must ensure the service organisation has and follows adequate ICS in so far as the outsourced functions are concerned.
Multicont audits ICS for service organisations in accordance with the European ISAE 3402 as well as Austrian standards like iwp PE 14. In the event a business outsources IT functions, we audit business processes and applications as well as system settings on hosts, servers and networks.
test
test
Im Rahmen von Anwendungsprüfungen werden automatische Kontrollen in Anwendungen (z.B. Eingabe-, Verarbeitungs- und Ausgabekontrollen oder Berechtigungskontrollen) auf Angemessenheit und Wirksamkeit geprüft. Die Prüfung erfolgt wie bei IKS-Prüfungen nach ISAE 3402. Multicont prüft weiters Buchhaltungs-relevante Anwendungen auf Einhaltung der Grundsätze ordnungsgemäßer Buchführung gemäß den einschlägigen österreichischen und deutschen Vorschriften. Die Testierung von Softwareprodukten erfolgt nach dem Standard IDW PS 880.IT-Audit within the framework of financial auditing
IT-Audit within the framework of financial auditing
So that the financial auditor can rely on the accuracy of the information obtained by the system, IT has to be audited in the course of the financial audit.
The focal point of the audit are the accounting relevant systems and its application.
ISO 27001 for information security management
ISO 27001 for information security management
We support businesses in preparing for the certification of their information security management system in accordance with ISO/IEC 27001. We can also prepare businesses for add-on certifications like ISO 270018 (cloud data protection). This ensures that your business follows GDPR requirements.
Multicont works with CIS – Certification & Information Security Services GmbH in the above mentioned certification processes. CIS – Certification & Information Security Services GmbH führen wir unsere Kunden durch den Zertifizierungsprozess.
SWIFT CSP Assessment
SWIFT Customer Security Programme (CSP) Assessment
Der in über 200 Ländern und 11.000 Kreditinstituten verwendete SWIFT-Standard ist aus dem Zahlungsverkehrs- und Wertpapierbereich nicht mehr wegzudenken. Die SWIFT-Infrastruktur ist daher besonderen Sicherheitskriterien unterworfen.
Mit dem Customer Security Programme (CSP) und dem dazugehörigen Customer Security Controls Framework (CSCF) wurde ein Rahmenwerk veröffentlicht, welches die Compliance mit diesen Kriterien sicherstellt. Das SWIFT CSCF besteht aus obligatorischen und empfohlenen Sicherheitskontrollen, die von SWIFT-Teilnehmenden in ihrer eigenen Infrastruktur implementiert werden. Obligatorische Sicherheitskontrollen sind für alle Institutionen verpflichtend.
Um die Einführung der Sicherheitskontrollen zu unterstützen, hat SWIFT ein Verfahren entwickelt, das von Benutzern verlangt, die Einhaltung der obligatorischen (und optional auch der empfohlenen) Sicherheitskontrollen zu bestätigen. Benutzer werden aufgefordert, eine Bestätigung in die Anwendung „KYC Security Attestation“ (KYC-SA) einzustellen. Bis zum Ende eines Jahres müssen Benutzer die Einhaltung der obligatorischen (und optional auch der empfohlenen) Sicherheitskontrollen bestätigen, wie sie im jeweils geltenden CSCF dokumentiert sind. SWIFT-Nutzer müssen darüber hinaus ein sogenanntes „Community Standard Assessment“ durchführen, um die Richtigkeit dieser Bestätigung zu bekräftigen.
Multicont blickt auf langjährige Erfahrung in der Zusammenarbeit mit zahlreichen SWIFT-Instituten zurück. Wir bieten ein Assessment Ihrer SWIFT-Infrastruktur nach dem CSCF an.
ICS-Audit
ICS as a Service
Data analysis
Audit of service organisations
IT-Audit within the framework of financial auditing
ISO 27001 for information security management
SWIFT CSP Assessment
ICS-Audit
ICS-Audit
The purpose of ICS is to ensure that your business processes are operationally effective and efficient while providing reliable financial reporting which is compliant with laws, regulations and policies.
Multicont tests existing Internal Control Systems in accordance with ISAE 3402 for their effectiveness, efficiency and provides a risk assessment and recommendations for improvements in weak areas.
Multicont offers training, seminars and customised handbooks in the area of ICS.
ICS as a Service
ICS as a Service
Setting up an adequate Internal Control System is a big challenge for small and mid-sized businesses in so far as observing and following the legal requirements.
We provide support to businesses who want to set up and monitor an adequate internal control system. Our web-service based ICS-tool administrates control procedures and centrally processes and stores evidentiary documents. Reminder e-mails are automatically sent to responsible parties and the supervisory board and management can be informed with our automatic reporting function.
The data is stored in an Austrian banking data centre which follows the highest international security standards.
Data analysis
Data analysis
Important management decisions are often based on the continually ever growing amounts of complex data collected. Erroneous and or incomplete data can result in poor management decisions and can also result in faulty reporting to the financial market authorities.
Multicont analyses large quantities of data with the purpose of detecting errors and inefficiencies in data management, any potential risks and weaknesses as well as indications of fraud.
Further, we audit data for completeness and accuracy with the purpose of maintaining and ensuring reporting compliance to the financial market authorities.
Audit of service organisations
Audit of service organisations
When a business outsources important functions they must ensure the service organisation has and follows adequate ICS in so far as the outsourced functions are concerned.
Multicont audits ICS for service organisations in accordance with the European ISAE 3402 as well as Austrian standards like iwp PE 14. In the event a business outsources IT functions, we audit business processes and applications as well as system settings on hosts, servers and networks.
IT-Audit within the framework of financial auditing
IT-Audit within the framework of financial auditing
So that the financial auditor can rely on the accuracy of the information obtained by the system, IT has to be audited in the course of the financial audit.
The focal point of the audit are the accounting relevant systems and its application.
ISO 27001 for information security management
ISO 27001 for information security management
We support businesses in preparing for the certification of their information security management system in accordance with ISO/IEC 27001. We can also prepare businesses for add-on certifications like ISO 270018 (cloud data protection). This ensures that your business follows GDPR requirements.
Multicont works with CIS – Certification & Information Security Services GmbH in the above mentioned certification processes.
SWIFT CSP Assessment
SWIFT Customer Security Programme Assessment
The SWIFT standard used in over 200 countries and 11,000 credit institutions has become an integral part of the payments and securities sector. The SWIFT infrastructure is therefore subject to special security criteria.
With the Customer Security Program (CSP) and the associated Customer Security Controls Framework (CSCF), a framework has been published that ensures compliance with these criteria. The SWIFT CSCF consists of mandatory and recommended security controls that are implemented by SWIFT participants in their own infrastructure. Mandatory security controls are compulsory for all institutions.
To support the implementation of the security controls, SWIFT has developed a process that requires users to confirm compliance with the mandatory (and optionally also the recommended) security controls. Users are requested to enter a confirmation in the „KYC Security Attestation“ (KYC-SA) application. By the end of a year, users must confirm compliance with the mandatory (and optionally also the recommended) security controls as documented in the applicable CSCF. SWIFT users must also carry out a so-called „Community Standard Assessment“ to confirm the accuracy of this confirmation.
Multicont has many years of experience working with numerous SWIFT institutions. We offer an assessment of your SWIFT infrastructure according to the CSCF.
The purpose of ICS is to ensure that your business processes are operationally effective and efficient while providing reliable financial reporting which is compliant with laws, regulations and policies.
Multicont tests existing Internal Control Systems in accordance with ISAE 3402 for their effectiveness, efficiency and provides a risk assessment and recommendations for improvements in weak areas.
Multicont offers training, seminars and customised handbooks in the area of ICS.
Setting up an adequate Internal Control System is a big challenge for small and mid-sized businesses in so far as observing and following the legal requirements.
We provide support to businesses who want to set up and monitor an adequate internal control system. Our web-service based ICS-tool administrates control procedures and centrally processes and stores evidentiary documents. Reminder e-mails are automatically sent to responsible parties and the supervisory board and management can be informed with our automatic reporting function.
The data is stored in an Austrian banking data centre which follows the highest international security standards.
Important management decisions are often based on the continually ever growing amounts of complex data collected. Erroneous and or incomplete data can result in poor management decisions and can also result in faulty reporting to the financial market authorities.
Multicont analyses large quantities of data with the purpose of detecting errors and inefficiencies in data management, any potential risks and weaknesses as well as indications of fraud.
Further, we audit data for completeness and accuracy with the purpose of maintaining and ensuring reporting compliance to the financial market authorities.
When a business outsources important functions they must ensure the service organisation has and follows adequate ICS in so far as the outsourced functions are concerned.
Multicont audits ICS for service organisations in accordance with the European ISAE 3402 as well as Austrian standards like iwp PE 14. In the event a business outsources IT functions, we audit business processes and applications as well as system settings on hosts, servers and networks.
So that the financial auditor can rely on the accuracy of the information obtained by the system, IT has to be audited in the course of the financial audit.
The focal point of the audit are the accounting relevant systems and its application.
We support businesses in preparing for the certification of their information security management system in accordance with ISO/IEC 27001. We can also prepare businesses for add-on certifications like ISO 270018 (cloud data protection). This ensures that your business follows GDPR requirements.
Multicont works with CIS – Certification & Information Security Services GmbH in the above mentioned certification processes.