Governance, Risks and Internal Audit

Importance of SOC Reporting in the Post Pandemic Era

Prior to the pandemic that affects the world since earlier last year, many sectors were already redesigning their operating models to enhance efficiency and effectiveness in the digital era. These efforts are now even more relevant than ever as companies require leaner, more adaptive digital enterprises that can change and respond quickly. We see that transitioning certain functions to cost effective shared service centre or outside the enterprise entirely via managed service or outsourcing relationships with third parties are high on the list of many enterprises planned actions in the Post Pandemic Era.    Many organisations are able to function more efficiently and effectively by outsourcing tasks or entire functions to another service organisation. These outsourcing relationships may increase revenues, expand market opportunities, and reduce costs for the user entities and business partners, they also result in additional risks arising from interactions with a service organisation and its systems. In supporting their risk assessments on service organisations, user entities and business partners may request independent reports on an examination or review of controls from the service organisation. This is where assurance standards for reporting on service organisation controls such as SOC Reporting and ISAE 3402 were developed.  

Cybersecurity preparedness in time of COVID-19

The unprecedented COVID-19 crisis has posed a huge change in many aspects, for instance, remote working has become a trend to reduce the spread of virus. This has provided insights for company’s management and board on cybersecurity preparedness. Regardless of company size, IT expenditure is unavoidable in order to maintain operations during the crisis. The related cybersecurity investment due to regulatory and compliance measures have since increased.  Most companies are caught off guard by the coronavirus. On one hand company’s computing resources are limited to support remote working, at the same time employees in general have not subscribed adequate firewall protection and antivirus packages to work remotely on their personal computers. With remote working becoming the new norm for companies worldwide amid the COVID-19 crisis, cybersecurity is even more crucial than before to support thousands of workers working from home accessing their companies’ networks.

How cyber security breaches impact personal data protection in particular in relation to the European Union General Data Protection Regulation (GDPR) on Hong Kong businesses

The news of cyber security breaches come waves after waves. Cathay Pacific leaks information consist of passengers’ names, nationalities, dates of birth, travel document numbers and historical travel details. The hacking of Marriott’s Starwood reservation system exposes data of up to 500 million guests. Just over a week ago, Hong Kong credit reporting agency TransUnion was forced to suspend its online services over unauthorised access of personal credit information.   Hong Kong business has largely ignored the EU General Data Protection Regulation (GDPR) that replaced the preceding data protection laws in all European Union (EU) countries on 25 May 2018. The potential impact of GDPR on Hong Kong business with ineffective cyber security measures could be severe.  

Challenges to governance - A listing regime for companies from emerging and innovative sectors

At this age of “New Economy”, we are transiting from industrial to a new technology based economy with increased automation in factories, vehicles, offices and homes. The Internet of Things, Cloud Computing, and Big Data are accelerating global automation of every aspect of human existence

Challenge to CFOs and CUOs: Maximising technology to benefit insurance business

Both CUOs and the CFOs are fully aware of the potential benefits that technology can bring to the business. It’s clearly not rocket science but what might surprise many is that whole technology may well deliver benefits to specific task both believe where technology can really deliver benefit is creating far greater integration across the business and with it the ability to better understand the bigger picture and with it enhance their own abilities to contribute to the bottom line.