Vaultex Audit and Risk Product Offering

On-site visit

On-site visits would be required for Vaultex to produce and implement a full Risk Management framework. This would include:

• Risk Management Framework detailing processes for the management of top company risks, risk identification, assessment & categorisation, mitigation of risk, control design & implementation, emerging risk, risk events and risk acceptances;

• Risk Management Policy;

• Governance Guide;

• All key templates;

• MI reporting (including the creation of fully tailored Key Risk Indicators).

Full risk assessments will be performed for all key processes and functions, and will include the design of the risk measurement criteria.

Any frameworks implemented will align to ISO 31000.

No. Days: 30 – 90 days based on client requirements

Advice

Advice can be provided based on client requirements, but no framework documentation/templates will be provided.

No. Days: As required – Daily rate applied.

On-site visit

It is advised that risk assessments for end to end cash processes are supported by on-site visits so all elements of the process can be reviewed and considered as part of the assessment. No. Days: 30 – 90 days based on client requirements.

Desktop Review

Risk assessments can be undertaken as part of a desktop review based on a review of key documents (including policies, procedures, and applicable local standards) as well as information provided by clients. All support function risk assessments can be produced as a desktop exercise. Please note that time economies can be applied for production of multiple risk assessments. No. Days: As required – Daily rate applied.

Advice

Advice can be provided based on client requirements, but no framework documentation/templates will be provided. No. Days: As required – Daily rate applied.

On-site visit

Vaultex internal audit is able to undertake multiple audits at the request within all functions and on all key processes. A plan can be devised for completion during the year, and all audits will be performed in line with international internal audit standards (IIA).

All audits will need to be performed on-site so that detailed testing can be performed on samples to determine the adequacy and effectiveness of key controls.

All audits will include planning, process understanding, assessment of key risks and controls, fieldwork / testing, reporting, and action management.

No. Days: To be agreed with client.

On-site visit

All audits will need to be performed on-site so that detailed testing can be performed on samples to determine the adequacy and effectiveness of key controls.

Audits can be performed on any process or function, including end to end cash processes. Furthermore, audits can be performed in single sites, or across a number of sites of locations.

All audits will include planning, process understanding, assessment of key risks and controls, fieldwork / testing, reporting, and action management.

All audits will be performed in line with international internal audit standards (IIA).

No. Days: 25 days for single site audits, increasing for multi site or function audits/

Advice

Advice can be provided based on client requirements, but no framework documentation/templates will be provided.

No. Days: As required – Daily rate applied.

On-site visit

On-site visits are recommended for us to understand key systems, processes, and infrastructure so we can develop and implement a BCMS framework to ensure minimal impact on operational capability in the event that a major incident occurs. Frameworks implemented will align to ISO 22301.

We can test all new BIA’s and plans at the request of clients.

No. Days: 30 days for framework design and implementation, additional days for testing as agreed with client.

Desktop Review

Elements of a BCMS strategy can be produced remotely, such as a policy, framework and procedures, however production of BIA’s and Test plans will require site visits to enable Vaultex to understand key systems, processes, and infrastructure so appropriate contingency arrangements can be devised.

No. Days: 5 – 15 days based on client requirements.

Advice

Advice can be provided based on client requirements, but no framework documentation/templates will be provided.

No. Days: As required – Daily rate applied.