top of page
1_Jevz6S9lFr9inTF9oCMUbg.jpeg

Digital Testing of Controls

BAAR automates your IT risk and compliance monitoring which greatly helps with your IT risk audits.

Technology Risk and Compliance monitoring:

  • Technology Risk and Compliance monitoring is a multi-dimensional challenge

  • Technology and Risk Management teams spend a significant amount of time identifying issues instead of focusing on resolving them

  • Checking for compliance with internal controls and processes is normally an ‘Event’ that takes place as organizations get closer to Audits or visits from Regulators

  • Using an automated or semi-automated ‘Process’ will allow organizations to deploy their resources more efficiently

Technology Risk and Compliance monitoring:

  • Validate and monitor user access to infrastructure components and tools

  • Ensure servers conform to organizational hardening standards

  • Access to databases is via a middleware (unless it is an approved exception)

  • Web Service passwords follow organizational security standards 

  • Source code does not have any authentication credentials (passwords) in clear text

  • Validate that changes made to production follow organizational standards

  • Monitoring should be an ongoing ‘Process’ and not an ‘Event’

  • Provide a mechanism to identify and assign Outliers found in the above to operational resources so they can be re-mediated

  • Better manage risk and resources

  • Not just find issues but remediate them as well. All this done with the required approvals and workflow for the same

We aim to provide a solution for the following (and more):

An example of the dashboards provided are as follows:

  • Executive dashboard

  • Operational Team Dashboard:

bottom of page