The client
A wholly owned investment banking subsidiary of one of the largest brokerage and financial services groups in Japan.
The work
Undertook an audit of outsourced Data Centre Management on behalf of the client’s Internal Audit department.
How we helped
We worked with the client’s Internal Audit team to define key risks and expected controls in respect of Data Centre Management. The resulting audit plan covered Physical Security, Facilities Management, Data Centre Service Provision (including third party supplier management), Change Management, Incident and Problem Management and People Management.
Data centre service provision was outsourced to a third party. This partner in turn outsourced facilities and infrastructure provision to other external service companies. Our experience in complex outsourcing arrangements allowed us to understand the respective roles and responsibilities and legal commitments and fully test them to provide assurance that the client’s desired service, availability and performance levels were being safeguarded appropriately.
Value added
We brought a breadth and depth of knowledge around Data Centre Management and associated risks that did not exist within the client. In addition our complete independence from the client meant we were able to challenge and test the responses of key third party service providers to provide highly robust levels of assurance over the management of risk in the data centre environment.