IT systems security assurance / IT security Audit

Improvisation of Software Development Process
  • Access the software development process
  • Establish procedures for software development
  • Carry out regular audits to ensure adherence to the established norms of software development

Consultation services in the field of Software documentation
  • Assess level of software documentation
  • Establish norms for software documentation
  • Establish mechanism for documentation change management
  • Assess, monitor and audit software documentation done

Consultation Services for Software Value Addition
  • Carry out value enrichment of software already developed in a multilayered approach
  • Enrichment of functionalities
  • Enrichment of software development process

Project Management Services

Project Management Challenges faced by you
  • Planning Process
  • Defining project closure at the beginning.
  • Training management, core committee and implementation team to cope with technology challenges
  • Requirement Analysis
  • Bridging the gap of business requirement to IT requirement
  • Scoping and identifying right application
  • Understanding the critical processes in technology acquisition and implementation

What we do?

Project Management is accomplished through the use of processes such as initiating, planning, executing, controlling and closing. Our project team manages the project control of the work which typically involves competing demands for: time, scope, cost, risk and quality. We also bridge the gap between stakeholders differing needs and expectations and reality.

Our Project Manager's role is to provide visibility to the stakeholders in many tasks needed to execute the project, to clearly and frequently communicate the status of projects and tasks, and to work closely with the sponsor of the project, to make sure that your project is delivered as close to the forecasted time, budget & scope as possible.

Advantage Lemon
  • We conduct brief IT Review to understand your project management needs
  • Design a PM solution for the projects planned
  • Highly skilled and trained project managers with the fitment to your organization culture
  • Well planned project closure strategy to make your organization self sufficient

IT Effectiveness Study

IT Effectiveness study involves assessment of organization’s information technology environment vis-à-vis control objectives for IT
  • Information integrity consistent with information value to the organization.
  • Information confidentiality consistent with business and statutory requirements.
  • Information availability consistent with the requirements of business processes.
  • Assessing organization’s readiness to adopt latest trends in technology.

What we do?

We customize the IT effectiveness study to meet the needs of your organization depending upon you’re the size and spread of your operations and business. The study is focused on to identify business risks, process gaps and technology gaps in your IT Function based on Control Objectives for IT (COBIT) framework to cover following aspects of the information technology,

  • Information
  • Application (Software)
  • Infrastructure
  • People

IT effectiveness study will provide
  • An improved understanding of information process
  • Information security risks.
  • Process gaps
  • Improvement opportunities.
  • Recommendations for risk mitigation.

Advantage Lemon
  • Management Audit expertise, Technology expertise bundled with SAP professionals
  • Extensive Domain knowledge

Customized solution considering the need of the customer

SAP Implementation Review

Enterprise resource planning (ERP), first, denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating your key functions. SAP is one of the most successfully implemented ERP systems worldwide in the Enterprise IT Application segment. For any organization in process of SAP implementation to take care of its business process data, the SAP implementation review is required w.r.t. various control objectives which will differ from organization to organization as will the needs of the control structures of such organizations.

Some of the specific management concerns identified regarding SAP ERP include
  • to meet user requirements
  • Failure to integrate
  • Incompatibility with technical infrastructure
  • Vendor support problems
  • Expensive and complex installations

When do you require it?
  • During the implementation process or
  • Prior to Go-Live date or
  • Post Go-Live date to identify the gap in definition and reality

What we do?

Given the integrated nature of SAP, with our expert and integrated team of management consultants and IT consultants, we identify gaps, analyze the impact and present you the risks or challenges an organization will face related to

  • Industry and business environment
  • User or management behavior
  • Business processes, procedures, functionality and data integrity
  • Application security
  • Underlying infrastructure
  • Ongoing maintenance/business continuity

Advantage Lemon
  • Management Audit expertise, Technology expertise bundled with SAP professionals
  • Extensive Domain knowledge
  • Customized solution considering the need of the customer

SAP and Oracle JD Edwards User manual documentation

Service Offering

We help the organizations to document their functional user manuals specific to the function / departments requirement. The objective of such documentation is to have simplified language as per the functions requirement to execute their job,

  • Document the User Manuals to train employees
  • Standardization in accounting policies as per SAP / Oracle JD Edwards interface amongst various locations to be covered.
  • To have consistency in SAP / Oracle JD Edwards user working irrespective of the person doing the job.
  • To lay the foundation for the project roll out to cover more locations and functions of the company.


The scope is tailored as per the company requirement although the important parameters to consider the time frame of the project is the locations, modules implemented, transaction codes used, reports used, etc.

Information Security Audit (ISA)

Lemon's team of Information Security Audit (ISA) and Certified Information System Auditors (CISA) experts and software professionals can help companies in assessing the strength of their information security.

The purpose of an ISA Audit with reference to an information system is to
  • Assure its integrity
  • Assure its confidentiality and security
  • Assure its availability

The Information Security Audit Framework includes is to
  • Pre-implementation and post implementation reviews
  • Policies and procedures with regards data security, password protection, etc.
  • Data integrity cheeks
  • Firewalls
  • Systems software
  • Vulnerability tests
  • ISO 27001 framework
  • Business continuity planning and Disaster Recovery Plan

We not only do an audit of the information security systems but also consult companies as to how to frame a comprehensive information security framework. We also assist companies in getting ISO 27001 certified

Enterprise Risk Management

Enterprise risk management (ERM) has gained strategic importance in today's high risk business. Scenario Clause 49 of the listing agreement also mandates a listed company to have in place an enterprise risk management and hence the significance of the same cannot be downplayed. Lemon has, over the years, built domain expertise in enterprise risk management having worked with different types of industries in different parts of the country. We Identify and prioritize potential business risks and exposures.

We provide the following services in this regards is to

Developing and implementing enterprise risk management framework
  • To identify and implement Risk assessment, Risk evaluation and mitigation strategies across the enterprise. Gap Analysis and control testing to ensure that all the identified risks are addressed.
ERM policies & procedures
  • Design and develop Risk Management policies and procedures to address all the possible threats and vulnerabilities across the organization. Develop and deploy In detail the action plan/s and risk methodology to ensure the risk free working environment.
Assure Comprehensive risk based audit
  • IT systems audit in an organized approach to cover risk assessment, impact analysis, and probability calculation, control effectiveness and risk score. 360 degree review of threat and vulnerability to underline controls’ effectiveness and failures.

IT System Assurance consultancy

Information technology has become the backbone for every business and in certain cases has become business drivers like Banking & Financial sector, Airlines, Telecom, E-commerce Portals. Manufacturing sector etc. These industries have created technology enabled business models that give them global reach and provide customer centric services with a personalized experience.

Information Technology Assurance Program is a continuous and dynamic program to ensure that the internal control systems dependent on information technology of organizations remain current, comprehensive, effective and responsive to such changes.

IT Systems Assurance - Need and Key Drivers

Recognizing the need and importance of IT in business, organizations have invested heavily in IT Infrastructure, applications and all other supporting programs. Managements are equally concerned on return on such IT investments. It is imperative that given such critical role of IT in business today, management and stakeholders review the IT systems in a structured and holistic manner and are concerned with following issues

  • Existence and effectiveness of an IT governance framework
  • Effective technology controls to ensure transaction level integrity Confidentiality and timeliness of information processed
  • Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) ensuring availability of data
  • Effective compliance of regulatory requirements and adherence to industry best practices

BCM and DR services

Effective business continuity planning helps to minimize the uncertainty of potential business disruptions by creating a framework to maintain and recover business processes should a disruption occur.Natural disasters and business disruptions beyond the control of the organization are necessarily part of the organizations risks profile and risk management strategy. Natural disaster/physical threats could also lead to unauthorized access to critical data, loss of critical data or unavailability of resources which could hamper the business continuity of an organization eventually leading to monetary loss for the organization.

Disaster Recovery Site (DR)

Successful recovery of business operation and restoration to normalcy with minimum impact on resources in case of any planned/unplanned event is the only evidence that proves the effectiveness of business continuity management. For this appropriate disaster recovery policy and procedures need to be defined, documented, approved and communicated by the management.

An overview of business continuity plan covers
  • Adequacy of business continuity and disaster recovery plan and procedures
  • Methodology for business impact analysis and risk assessment
  • Adequacy of backup of data, off-site storage and periodic data restoration
  • Awareness on disaster recovery plan and contingency

Substantive checks of business continuity plan needs to cover
  • Testing of backup, off-site data storage and periodic data restoration activities
  • Effectiveness drills on evacuation and disaster recovery
  • Availability of data and other resources at disaster recovery site
  • Review of actual work done on the disaster recovery site
  • Validation of Business Impact Analysis, Recovery Time and Recovery Time Objectives
  • Emergency handling procedures

Integrated checks of business continuity plan cover
  • Analyzing Interdependencies of the systems and impact on eco-system
  • Validating Legal, Financial and other implications
  • Effectiveness of business continuity plan and business requirements
  • Compliance with legal / contractual obligations of data confidentiality and availability