Risk and Control Assessments

Alignment with business strategic objectives

It should be understood that IT in its totality, including cybersecurity as a function, is first and foremost a business issue, NOT a technical issue. An IT or cyber risk and control assessment should be performed on this basis, and with a complete understanding of its true purpose. It is a futile endeavour to perform a risk assessment without a clear picture of the strategic directive steering the business.
The business strategy, whether notarised or intended, entails recognising and planning for certain kinds of risks at strategic and operational levels. There are risks attached to the opportunities that a business pursues or proposes to pursue. All said, the main objective leading to the ultimate outcome is centred around profiting from these opportunities. An important part of said objective is also to profit from the risks associated with pursuing these opportunities. We assist in risk mitigation activities that reduce profit erosion and keep it at acceptably low levels.
Aligning with the strategy and objectives of a business is an important part of the IT service, which is a major contributor to the health of the business and an invaluable partner in helping it to generate profitability. Neglect, misalignment, or lack of perspective on the part of the IT service, more often than not, retards the ability of its client to achieve a profit-oriented vision, or to execute its strategies and objectives. Seen from the sole perspective of supplying a technical service, the exercise serves only to grant minimal value.

Our service offering

It is on this level, with these objectives as paramount, that Futura International separates itself from the mundane, non-committal brand of technical mediocrity. Our commitment to your business success means that we identify and assess all relevant IT and cyber-risks that pose a current or potential threat to the achievement of your strategies and objectives, while focusing on the whole picture in all its facets. Risk assessments are performed against different international frameworks, standards, and best practice guidelines (e.g. COBIT, NIST, ISO 27002). In the normal course within the framework, we cover the following types of potential risks:
  • Control effectiveness risks
  • Control efficiency risks
  • Data confidentiality risks
  • Data privacy risks
  • Data integrity risks
  • Data and system availability risks
  • Regulatory compliance risks
  • Data and system reliability risks