The book "Audit of the internal control system, audit guidelines on function and effectiveness" from the "DIIR publication series", volume 60, published in March 2020, in which our managing director Mr. Sami Abbas played a leading role in, was published in the ZIR magazine "Interne Revision", Edition 2/2020 and got reviewed.

"This work offers a practical guide to identifying risks in business processes, identifying controls and checking the effectiveness of these controls, which are essential for assessing the ICS."

Source: ZIR Zeitschrift Interne Revision“, Issue 2/2020.

The complete Article (in German):

Aktuell - Erich Schmidt Verlag (ESV)

Link tot he book:

Revision des Internen Kontrollsystems - Prüfungsleitfäden zu Funktion und Wirksamkeit - Erich Schmidt Verlag (ESV)

Your guide to an official re-examination

The follow-up is one of the most important building blocks in the revision process. It is even a minimum requirement for passing a quality assessment. Because only in a follow-up can it be ensured that weak points have been eliminated, that controls are working effectively again or that new controls have been set up. But as an auditor, how do you keep track of which deficiencies are still being worked on and which have already been corrected? When will the implementation of measures be checked on site and when will a desk check of documents be sufficient? What happens if the recommendations are not implemented? How does the controlling of the follow-up work? We worked out concrete answers to these questions in the seminar.

The seminar will be led by Mr. Sami Abbas from TASCO Revision und Beratung GmbH. For more info.

Date: 13.06.2022

Location: Düsseldorf & Live-Stream 

seminar schedule

Follow-up: A fundamental part of the audit process

• Purpose and objectives of a follow-up
• International Professional Practices Framework (IPPF) - practical advice
• The Audit Report

Carrying out the follow-up

• Follow-up Types
• Follow-up planning
• Preparation and Announcement
• Carrying out the inspection
• Documentation of evidence

Results of follow-up and reporting

• Result types per finding
• Decision criteria for assessing the elimination of defects
• Reporting on the overall result
• Deficiencies that have not been remedied – can one agree, must one agree?

 Resubmission of the review

• Reasons for a second review
• Completion of the second review
• Completion of the entire Audit

Management and control of the findings

• What information does internal audit require?
• How is the status of the findings tracked?

Handling of follow-up results

• Evaluation of the elimination of defects for each department
• Lessons learned

Facility management covers the entire life cycle of a property and the associated outdoor facilities - from production to use to demolition. Deficiencies in facility management have a clearly negative effect on the investment costs, but above all on the subsequent usage and operating costs. They can quickly achieve ten times the value of the investment. Therefore, an intensive and well-founded examination of facility management is of great importance.

The internal audit must have the appropriate facility management know-how and professionally examine the entire process chain of building management.

Goal of the seminar:

You will receive process and risk-oriented auditing approaches and methods to identify, analyze and eliminate risks.

The seminar will be led by Mr. Benjamin Bender from TASCO Revision und Beratung GmbH. For more info.

Dates:

Hamburg: 24 Oktober – 25 Oktober 2022 

Both events will also be broadcast via livestream.

Seminar schedule:

The importance of Facility Management

• Delimitation and determination of content of facility management
• Conception, planning and implementation of the revision of the facility management
• Relevant legal requirements
• Recording of the existing framework conditions (e.g. database/data basis, responsibilities, performance parameters, monitoring, reporting) 

Examination of the technical building management

• Inventory documentation and inventory management
• Building automation (e.g. central control technology, facade control, air conditioning systems)
• Ongoing technical operation (commissioning, disruptions, inspection, maintenance, repairs)
• Energy management and water/sewage
• Other technical services
• Compliance with legal requirements 

Examination of infrastructural building management (in the service sector)

• Needs assessment and bills of quantities
• Solicitation of offers and invitation to tender
• Negotiations and contract award
• Contracts
• Price and material lists
• Price increase requests
• Performance monitoring
• Relevant services: cleaning services, security services, outdoor facilities services, canteen, move management, waste disposal, office services, transport services 

Examination of the commercial building management

• Controlling, budget management and forecast
• (Sub)accounting including debtor and creditor management
• Procurement processes including invoice verification
• Contract Management
• Utility bills
• Marketing including contract negotiations 

Cybercrime targets computers, computer networks and even connected devices. In most cases, but not entirely, criminals aim to make money out of their activities.

Cybercrime is carried out either by a single person, government sponsored organizations or criminal organizations. Some of these criminals tend to use advanced technologies and are technically versed. Others are unexperienced hackers.

The main goal of cybercrime is in most cases to gain profits. Next to personal or political reasons there are only a few other reasons for using cybercrime.

What types of cybercrimes are there?

Here are some examples of the different types of cybercrime:

• E-mail- und Internet fraud
• Identity theft (where stolen personal information is misused)
• Theft of financial or card payment information
• Theft and subsequent sale of company data
• Cyber ​​extortion (money is extorted, otherwise an attack occurs)
• Ransomware attacks (data is encrypted and only released for a fee)
• Crypto jacking (hackers mine cryptocurrency with resources they don't own)
• Cyber ​​espionage (hackers access government or corporate data). 

Cybercrime often falls into two main categories:

• Criminal activity targeting computers
• Criminal activities that use computers to commit other crimes.

 Cybercrime targeting a computer often uses viruses and other types of malwares. Cyber ​​criminals can infect computers with viruses and malware to damage devices or stop them from working. They can also use malware to delete or steal data

How do Cyber criminals often operate?

Here is a brief explanation of the most common types of attacks that target Networks and systems on a daily basis.

Identity theft:

This is one of the worst attacks a victim can suffer from. The criminals use personal data like the name, the driver’s license, the Social security number etc. to commit internet fraud, steal property, misuse goods or use services in the victim’s names.

Botnets

The word “Botnet” derives off the word “Bot” and “Network” and refers to a great number of controlled Computers (Bots) which are connected via network (Internet).

The Botnets are being used to spread vicious Data and Software, to infect other systems, to start attacks, to steal data and to send spam campaigns (etc).

Cyberstalking

Cyberstalking is a form of cyberbullying in which a person attempts to threaten or harass other people using computer systems connected to the Internet. Most cyberstalking cases involve the use of anonymous communication systems such as email, social networks, instant messaging applications, etc.; anything that relies on anonymity to disguise the cyberstalker's identity.

Social Engineering

Social engineering is one of the most classic types of cyberattacks that can be launched against individuals or organizations. It involves manipulating people to obtain valuable information that can later be used to illegally log into private protected systems or networks. The main motivation behind social engineering is often to steal money, financial data (such as bank account or credit card information), and other sensitive information from a company or a customer. 

Flood Attacks

The so-called flood attacks include DoS and DDOS attacks. They are usually launched by botnets that can target your domain names and IP addresses in order to flood them with malicious requests that overload servers, resulting in service outages and connection disruptions for system users.

Potentially Unwanted Programs

Potentially Unwanted Programs, also known as PUPs, refers to software that you never officially requested but got installed anyway. This type of software usually comes bundled with other software that you have actually consented to download. Common examples of this type of cybercrime are adware, spyware, dialers, and malware. 

Exploit Kits

Exploit kits are software toolkits used to exploit vulnerabilities in other programs. A common example is exploiting Flash or Java vulnerabilities to compromise a website and then redirecting traffic to e.g. malicious sites. 

Phishing Attacks

Phishing attacks are a form of social engineering used to trick users into revealing their login, password and other sensitive/personal information. Most phishing campaigns are performed by sending massive spam emails with links to maliciously hacked websites that look like real ones (e.g. financial institutions, banks, etc.). Once users log into these fake websites, their credentials are stored in the attackers' database. You can then use your credit card, bank account or email service. 

Illegale Inhalte

The Internet is full of illegal content that is forbidden to be distributed. Examples of illegal content are selling drugs online and copyrighted material (such as videos, music, books, software, etc.). 

Online Scams

Cyber ​​scams or online scams involve fraudulent companies offering bogus services, goods or rewards to unknowing victims. Examples of online scams include charity scams, gambling scams, online ticket scams, fake gift cards, car scams and more. 

How can you protect yourself from cybercrime?

• Activate your firewall not only on your servers but also on your laptop, which you might use outside of your company network, for example.
• Always use antivirus and anti-malware programs.
• Activate the anti-spam blocking function of your e-mail to protect you from spam.
• Encrypt your local hard drives, e.g. your laptop, with a bit locker so that your data cannot be accessed even if the laptop is stolen. Your smartphone should also only be used with an access code
• Always use a VPN (protected network connection) when accessing your company network from outside. This sets up an encrypted connection and protects your data transfer.
• Buy software or download freeware only from safe and known websites.
• Always back up your data, for example on an external hard drive, and keep the backups up to date on a regular basis.
• Encrypt your e-mails when sending sensitive and confidential content.
• Use different/strong passwords. The BSI specifications are a good starting point. The BSI recommends using a password manager, e.g. Keepass. The password should contain at least eight characters and, in addition to upper- and lower-case letters, numbers and special characters. The longer the password, the more secure it is.
• Keep your software (operating system versions and security patches) up to date

Use two-factor authentication for your online services and for accessing programs with sensitive data, especially if you can be reached externally via the Internet

Ein Article from:

TASCO Revision und Beratung GmbH