IT systems security assurance / IT security Audit



Improvement of Software Development Process
  • Assess the software development process
  • Establish procedures for software development
  • Carry out regular audits to ensure adherence to the established norms of software development

Consultation services in the field of Software documentation
  • Assess level of software documentation
  • Establish norms for software documentation
  • Establish mechanism for documentation change management
  • Assess, monitor and audit software documentation done

Consultation Services for Software Value Addition
  • Carry out value enrichment of software already developed in a multilayered approach
  • Enrichment of functionalities
  • Enrichment of software development process


Project Management Services



Project Management Challenges faced by you
  • Planning Process
  • Defining project closure at the beginning.
  • Training management, core committee and implementation team to cope with technology challenges
  • Requirement Analysis
  • Bridging the gap of business requirement to IT requirement
  • Scoping and identifying right application
  • Understanding the critical processes in technology acquisition and implementation

What we do?

Project management is accomplished through processes such as initiating, planning, executing, controlling and closing. Our project team manages and controls the project work, which typically involves competing demands for time, scope, cost, risk and quality. We also bridge the gap between stakeholders' differing needs and expectations and reality.

Our Project Manager's role is to give stakeholders visibility into the many tasks needed to execute the project, to communicate the status of projects and tasks clearly and frequently, and to work closely with the sponsor of the project to make sure that your project is delivered as close to the forecasted time, budget and scope as possible.

Advantage Lemon
  • We conduct a brief IT review to understand your project management needs
  • Design a PM solution for the projects planned
  • Highly skilled and trained project managers who fit your organization's culture
  • Well-planned project closure strategy to make your organization self-sufficient


IT Effectiveness Study


An IT effectiveness study involves assessment of an organization’s information technology environment vis-à-vis control objectives for IT:
  • Information integrity consistent with information value to the organization.
  • Information confidentiality consistent with business and statutory requirements.
  • Information availability consistent with the requirements of business processes.
  • Assessing organization’s readiness to adopt latest trends in technology.

What we do?

We customize the IT effectiveness study to meet the needs of your organization, depending upon the size and spread of your operations and business. The study focuses on identifying business risks, process gaps and technology gaps in your IT function, based on the Control Objectives for IT (COBIT) framework, to cover the following aspects of information technology:

  • Information
  • Application (Software)
  • Infrastructure
  • People

IT effectiveness study will provide
  • An improved understanding of information process
  • Information security risks.
  • Process gaps
  • Improvement opportunities.
  • Recommendations for risk mitigation.

Advantage Lemon
  • Management Audit expertise, Technology expertise bundled with SAP professionals
  • Extensive Domain knowledge
  • Customized solution considering the need of the customer


SAP Implementation Review


Enterprise resource planning (ERP) denotes, first, the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating your key functions. SAP is one of the most successfully implemented ERP systems worldwide in the Enterprise IT Application segment. Any organization in the process of implementing SAP to take care of its business process data requires an SAP implementation review with respect to various control objectives, which will differ from organization to organization, as will the needs of the control structures of such organizations.

Some of the specific management concerns identified regarding SAP ERP include
  • Failure to meet user requirements
  • Failure to integrate
  • Incompatibility with technical infrastructure
  • Vendor support problems
  • Expensive and complex installations

When do you require it?
  • During the implementation process or
  • Prior to Go-Live date or
  • Post Go-Live date to identify the gap in definition and reality

What we do?

Given the integrated nature of SAP, our expert and integrated team of management consultants and IT consultants identifies gaps, analyzes the impact and presents the risks or challenges an organization will face related to

  • Industry and business environment
  • User or management behavior
  • Business processes, procedures, functionality and data integrity
  • Application security
  • Underlying infrastructure
  • Ongoing maintenance/business continuity

Advantage Lemon
  • Management Audit expertise, Technology expertise bundled with SAP professionals
  • Extensive Domain knowledge
  • Customized solution considering the need of the customer


SAP and Oracle JD Edwards User manual documentation


Service Offering

We help organizations document their functional user manuals specific to each function's or department's requirements. The objective of such documentation is to use simplified language suited to what each function needs to execute its job:

  • Document the User Manuals to train employees
  • Standardization in accounting policies as per SAP / Oracle JD Edwards interface amongst various locations to be covered.
  • To have consistency in SAP / Oracle JD Edwards user working irrespective of the person doing the job.
  • To lay the foundation for the project roll out to cover more locations and functions of the company.

Scope

The scope is tailored to the company's requirements, although the important parameters in determining the time frame of the project are the locations, modules implemented, transaction codes used, reports used, etc.



Information Security Audit (ISA)


Lemon's team of Information Security Audit (ISA) and Certified Information System Auditors (CISA) experts and software professionals can help companies in assessing the strength of their information security.

The purpose of an ISA Audit with reference to an information system is to
  • Assure its integrity
  • Assure its confidentiality and security
  • Assure its availability

The Information Security Audit Framework includes
  • Pre-implementation and post-implementation reviews
  • Policies and procedures with regard to data security, password protection, etc.
  • Data integrity checks
  • Firewalls
  • Systems software
  • Vulnerability tests
  • ISO 27001 framework
  • Business continuity planning and Disaster Recovery Plan

We not only audit information security systems but also advise companies on how to frame a comprehensive information security framework. We also assist companies in getting ISO 27001 certified.



Enterprise Risk Management


Enterprise risk management (ERM) has gained strategic importance in today's high-risk business scenario. Clause 49 of the listing agreement also mandates a listed company to have enterprise risk management in place, and hence its significance cannot be downplayed. Lemon has, over the years, built domain expertise in enterprise risk management, having worked with different types of industries in different parts of the country. We identify and prioritize potential business risks and exposures.

We provide the following services in this regard:

Developing and implementing enterprise risk management framework
  • To identify and implement risk assessment, risk evaluation and mitigation strategies across the enterprise. Gap analysis and control testing to ensure that all the identified risks are addressed.
ERM policies & procedures
  • Design and develop risk management policies and procedures to address all the possible threats and vulnerabilities across the organization. Develop and deploy a detailed action plan and risk methodology to ensure a risk-free working environment.
Assure Comprehensive risk based audit
  • IT systems audit in an organized approach to cover risk assessment, impact analysis, probability calculation, control effectiveness and risk score. 360-degree review of threats and vulnerabilities to underline controls’ effectiveness and failures.


IT System Assurance consultancy


Information technology has become the backbone of every business and in certain cases has become a business driver, as in the Banking & Financial sector, Airlines, Telecom, E-commerce portals, the Manufacturing sector, etc. These industries have created technology-enabled business models that give them global reach and provide customer-centric services with a personalized experience.

An Information Technology Assurance Program is a continuous and dynamic program to ensure that an organization's internal control systems that depend on information technology remain current, comprehensive, effective and responsive to such changes.

IT Systems Assurance - Need and Key Drivers

Recognizing the need and importance of IT in business, organizations have invested heavily in IT infrastructure, applications and all other supporting programs. Managements are equally concerned about the return on such IT investments. Given the critical role of IT in business today, it is imperative that management and stakeholders review the IT systems in a structured and holistic manner. They are concerned with the following issues:

  • Existence and effectiveness of an IT governance framework
  • Effective technology controls to ensure transaction-level integrity, confidentiality and timeliness of information processed
  • Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) ensuring availability of data
  • Effective compliance of regulatory requirements and adherence to industry best practices


BCM and DR services


Effective business continuity planning helps to minimize the uncertainty of potential business disruptions by creating a framework to maintain and recover business processes should a disruption occur. Natural disasters and business disruptions beyond the control of the organization are necessarily part of the organization's risk profile and risk management strategy. Natural disasters and physical threats could also lead to unauthorized access to critical data, loss of critical data or unavailability of resources, which could hamper the business continuity of an organization, eventually leading to monetary loss for the organization.

Disaster Recovery Site (DR)

Successful recovery of business operations and restoration to normalcy with minimum impact on resources after any planned or unplanned event is the only evidence that proves the effectiveness of business continuity management. For this, appropriate disaster recovery policy and procedures need to be defined, documented, approved and communicated by the management.


An overview of a business continuity plan covers
  • Adequacy of business continuity and disaster recovery plan and procedures
  • Methodology for business impact analysis and risk assessment
  • Adequacy of backup of data, off-site storage and periodic data restoration
  • Awareness on disaster recovery plan and contingency

Substantive checks of a business continuity plan need to cover
  • Testing of backup, off-site data storage and periodic data restoration activities
  • Effectiveness drills on evacuation and disaster recovery
  • Availability of data and other resources at disaster recovery site
  • Review of actual work done on the disaster recovery site
  • Validation of Business Impact Analysis, Recovery Time and Recovery Time Objectives
  • Emergency handling procedures

Integrated checks of a business continuity plan cover
  • Analyzing interdependencies of the systems and impact on the eco-system
  • Validating Legal, Financial and other implications
  • Effectiveness of business continuity plan and business requirements
  • Compliance with legal / contractual obligations of data confidentiality and availability