Under the leadership of our managing director, Sami Abbas, the second edition of the audit guidelines for the revision of company insurances, which was first published in 2000, was revised and updated.
Business insurance is an essential tool that can be used to eliminate or reduce risks as part of risk management in the form of risk transfer. These audit guidelines support auditors in auditing business insurance
With examination guidelines for a total of 35 different insurance policies for practical audit work, expanded compared to the 1st edition to include, for example, cyber risk insurance, ransom insurance (kidnap & ransom) or directors and officers liability insurance (D&O insurance).
The book "Revision of the internal control system, audit guidelines on function and effectiveness" from the "DIIR publication series", volume 60, published in March 2020, in which our managing director Mr. Sami Abbas played a leading role in, was published in the ZIR magazine "Interne Revision", Edition 2/2020 and got reviewed.
"This work offers a practical guide to identifying risks in business processes, identifying controls and checking the effectiveness of these controls, which are essential for assessing the ICS."
Source: ZIR Zeitschrift Interne Revision“, Issue 2/2020.
The complete Article (in German):
Link tot he book:
The follow-up is one of the most important building blocks in the revision process. It is even a minimum requirement for passing a quality assessment. Because only in a follow-up can it be ensured that weak points have been eliminated, that controls are working effectively again or that new controls have been set up. But as an auditor, how do you keep track of which deficiencies are still being worked on and which have already been corrected? When will the implementation of measures be checked on site and when will a desk check of documents be sufficient? What happens if the recommendations are not implemented? How does the controlling of the follow-up work? We worked out concrete answers to these questions in the seminar.
The seminar will be led by Mr. Sami Abbas from TASCO Revision und Beratung GmbH. For more info.
Location: Düsseldorf & Live-Stream
Follow-up: A fundamental part of the audit process
Carrying out the follow-up
Results of follow-up and reporting
Resubmission of the review
Management and control of the findings
Handling of follow-up results
Facility management covers the entire life cycle of a property and the associated outdoor facilities - from production to use to demolition. Deficiencies in facility management have a clearly negative effect on the investment costs, but above all on the subsequent usage and operating costs. They can quickly achieve ten times the value of the investment. Therefore, an intensive and well-founded examination of facility management is of great importance.
The internal audit must have the appropriate facility management know-how and professionally examine the entire process chain of building management.
Goal of the seminar:
You will receive process and risk-oriented auditing approaches and methods to identify, analyze and eliminate risks.
The seminar will be led by Mr. Benjamin Bender from TASCO Revision und Beratung GmbH. For more info.
Hamburg: 24 Oktober – 25 Oktober 2022
Both events will also be broadcast via livestream.
The importance of Facility Management
Examination of the technical building management
Examination of infrastructural building management (in the service sector)
Examination of the commercial building management
Cybercrime targets computers, computer networks and even connected devices. In most cases, but not entirely, criminals aim to make money out of their activities.
Cybercrime is carried out either by a single person, government sponsored organizations or criminal organizations. Some of these criminals tend to use advanced technologies and are technically versed. Others are unexperienced hackers.
The main goal of cybercrime is in most cases to gain profits. Next to personal or political reasons there are only a few other reasons for using cybercrime.
Here are some examples of the different types of cybercrime:
Cybercrime often falls into two main categories:
Cybercrime targeting a computer often uses viruses and other types of malwares. Cyber criminals can infect computers with viruses and malware to damage devices or stop them from working. They can also use malware to delete or steal data
Here is a brief explanation of the most common types of attacks that target Networks and systems on a daily basis.
This is one of the worst attacks a victim can suffer from. The criminals use personal data like the name, the driver’s license, the Social security number etc. to commit internet fraud, steal property, misuse goods or use services in the victim’s names.
The word “Botnet” derives off the word “Bot” and “Network” and refers to a great number of controlled Computers (Bots) which are connected via network (Internet).
The Botnets are being used to spread vicious Data and Software, to infect other systems, to start attacks, to steal data and to send spam campaigns (etc).
Cyberstalking is a form of cyberbullying in which a person attempts to threaten or harass other people using computer systems connected to the Internet. Most cyberstalking cases involve the use of anonymous communication systems such as email, social networks, instant messaging applications, etc.; anything that relies on anonymity to disguise the cyberstalker's identity.
Social engineering is one of the most classic types of cyberattacks that can be launched against individuals or organizations. It involves manipulating people to obtain valuable information that can later be used to illegally log into private protected systems or networks. The main motivation behind social engineering is often to steal money, financial data (such as bank account or credit card information), and other sensitive information from a company or a customer.
The so-called flood attacks include DoS and DDOS attacks. They are usually launched by botnets that can target your domain names and IP addresses in order to flood them with malicious requests that overload servers, resulting in service outages and connection disruptions for system users.
Potentially Unwanted Programs
Potentially Unwanted Programs, also known as PUPs, refers to software that you never officially requested but got installed anyway. This type of software usually comes bundled with other software that you have actually consented to download. Common examples of this type of cybercrime are adware, spyware, dialers, and malware.
Exploit kits are software toolkits used to exploit vulnerabilities in other programs. A common example is exploiting Flash or Java vulnerabilities to compromise a website and then redirecting traffic to e.g. malicious sites.
Phishing attacks are a form of social engineering used to trick users into revealing their login, password and other sensitive/personal information. Most phishing campaigns are performed by sending massive spam emails with links to maliciously hacked websites that look like real ones (e.g. financial institutions, banks, etc.). Once users log into these fake websites, their credentials are stored in the attackers' database. You can then use your credit card, bank account or email service.
The Internet is full of illegal content that is forbidden to be distributed. Examples of illegal content are selling drugs online and copyrighted material (such as videos, music, books, software, etc.).
Cyber scams or online scams involve fraudulent companies offering bogus services, goods or rewards to unknowing victims. Examples of online scams include charity scams, gambling scams, online ticket scams, fake gift cards, car scams and more.
How can you protect yourself from cybercrime?
Use two-factor authentication for your online services and for accessing programs with sensitive data, especially if you can be reached externally via the Internet
Ein Article from:
TASCO Revision und Beratung GmbH