-
Audit
In our firm we respond to the demands of our customers. We have modern methodologies and audit techniques operating in the best interests of your organization.
-
Statutory Audit
Audit services of the firm have been designed to support you to meet the challenges involved in managing risks, resources and information.
-
External Audit
The external audit service aims to express an independent opinion regarding the fairness of the financia!statements of the companies or certain business areas in which we use previously agreed procedures.
-
Managerial and Result External Audit
Our work consists of the execution of the defined procedures to review the accounting information and issue reports and documents.
-
Taxes
We work with our clients during all their processes to achieve an excellent statutory clase year, in order to optimize the taxes payment and ease the tax burden.
-
Transfer Pricing
The laws surrounding transfer pricing are becoming ever more complex, as tax affairs of multinational companies are facing scrutiny from media, regulators and the public.
-
Legal Services
Our legal advice involves professional lawyers, specialized in different fields.
-
Diagnosis and implementation of Full and SME IFRS
Servicio de Diagnóstico e implementación de NIIF plenas y NIIF para las PYMES.
-
Training and updating in IFRS
Services of Training and updating in IFRS
-
Calculation of accounting estimates under IFRS
Services of Calculation of accounting estimates under IFRS
-
Valuation of financial instruments
Services of Valuation of financial instruments
-
Advice on specialized topics
Services of Advice on specialized topics
-
IFRS advice for public sector entities
Services of IFRS advice for public sector entities
-
Preparation of financial statements and disclosures
Services of Preparation of financial statements and disclosures
-
Sarbanes-Oxley Service Audit (SOX)
Only those who have clearly structured numbers and a good view of their business, can identify weaknesses and opportunities early enough to react on time to events in their environment.
-
Audit of Organization
In order to help the service organization and its users to establish a reliable and standard process for the service organization's reports, we offer the following services:
-
IT Audit
IT Audit Services help the Organization manage risks and controls related to IT implementation and use to achieve business financial, operational, and regulatory objectives.
-
Computer Security
Cybersecurity frames a set of tools, policies, security safeguards, guidelines, risk management methods, actions, training and in summary a series of practices that can be used to protect the organization's assets and users in cyber-environment.
-
Performance Tests
Our service focuses on determining the speed at which a task is performed under particular working conditions on a specific information or application system.
-
Audit Security Social
As part of Social Security policies and strategies in Colombia, pensions and health are fundamental workers' rights, for which specialized support is required to guarantee access to these rights, in a transparent, equitable and the law.
-
BCP Services
We are certified by DRI International as Business Continuity Plans Consultant, CBCP and with training and certification as internal auditor in SGS, ISO 2005: 27001..
-
SAP Auditing and Computer Security
We have certified experts in security and auditing SAP in R / 3, CRM, BW. Our approach allows us to perform in SAP
-
Corporate Risk Management
This regulatory environment seeks to mitigate the risks and uncertainties of the banking industry, also responding to economic pressures and investor expectations.
-
Operational Improvement
Process management, within which operational improvement is framed, can be defined as a way of focusing the work, where the continuous improvement of the activities of an organization is sought through the identification, selection, description, documentation and continuous improvement of the processes. Any activity or sequence of activities that are carried out in the different business units, constitutes a process and as such, must be managed.
-
Change Management
Change management is the process, through tools and techniques, to manage the transition to a new reality, trying to make the people involved able and willing to work in the new defined context and achieve the expected results.
-
Business Intelligence and Analysis
Business intelligence acts as a strategic factor for an organization, generating a potential competitive advantage, which is none other than providing privileged information to respond to business problems.
-
Due diligence
Due Diligence is a term, usually used in the field of business acquisitions, to refer to the process of finding information about an organization.
-
Valuations
The valuation of a company is not an exact science and can vary depending on the type of business and the reason.
-
Financial accounting
Only those who have clearly structured numbers and a good view of their business, can identify weaknesses and opportunities early enough to react on time to events in their environment.
-
Tax and legal compliance
The tax authorities constantly keep entrepreneurs and freelancers on alert, with tax issues taking part as a crucial role in almost all business decisions.
-
Payroll
Payroll is one of the most challenging responsibilities that a company faces every year. Our service fulfill the client internal policies, understands the corporate strategic planning and focus on the record of the received newness.
Getting to the heart of cyber risk
06 Apr 2017What businesses know, say and do about their critical data
Too many businesses are in the dark about the data they hold
Every business, every day, generates an incredible amount of data. The easiest and cheapest way to store all this information is to adopt the ‘landfill’ model of keeping everything and moving as much of it as possible to the cloud. But we find that many are doing this without even trying to keep track of what they have.
Our survey suggests that less than two in three businesses (65%) are taking steps to understand their data; they are largely in the dark about how much there is, what it does, and what harm it could cause if compromised. And if they don’t know these basics, how can they be sure they are looking after it properly?
There is a data-shaped hole in most risk management
More than one in three (36%) organisations do not assign a risk profile to their data. Considering what they stand to lose if their data is compromised, this is surprising. One explanation may be that, although the C-suite accepts that cyber-security is a risk, leaders are still not doing enough to directly ‘sponsor’ mitigation efforts. Another is that the risk function has largely focused in the past on a limited number of insurable business risks. As a result, legacy risk teams are less experienced in predicting, managing and pricing non-physical threats such as data breaches. This needs to change.
Many businesses are ‘protecting everything, protecting nothing’
More than three-quarters of businesses (78%) are building a baseline of cyber protection without putting in place specific measures to lock down their most precious data. At worst, this means they are implementing expensive firewalls that protect data of little value, while their most critical information assets – those which are necessary for the business to carry out its core function – are more exposed than they should be.
Understanding data means balancing lateral and vertical thinking
For most organisations, it would be practically impossible to assess and rank every spreadsheet, archived email or data file that is generated every day. It’s also a process that cannot be completely automated: understanding the risk and value of data requires human judgement.
Getting it right also takes imagination: being able to think like a cynical and opportunistic hacker and identifying data that would disrupt the business if compromised or compounded. Yet qualitative reasoning should also be counterweighted, as much as possible, by quantitative analysis. What would be the financial impact of a major breach? Would the impact always be the same? And what is the statistical likelihood of it happening?
People are the weakest link
Getting to grips with data is time-consuming and, to be successful, needs to become part of business as usual. This means creating enterprise-wide leaders of the activity as well as individual owners of data assets. Yet many employees, given responsibility for data on top of their day-to-day tasks, try to sidestep the extra work. At worst, we see passive avoidance – where employees mark data as being lower risk than it is purely in order to get out of the ‘hassle’ of protecting it from hackers. To manage cyber risk effectively, businesses need to anticipate this reaction from employees and take steps to prevent it from happening.
There are three principles to managing data risk more effectively
First, data security should be treated as an enterprise-wide, consistently applied risk that is led by the C-suite and then implemented by employees at the operational level. Second, data understanding needs to be built into projects by design, with a multidisciplinary team seeking agreement on the biggest data-related threats to the business. Finally, all engagement – whether communications from the top or training – needs to take place on a ‘human’, non-technical level.