Collaborative Partnership

We sub-contract our specialised risk services to other consulting or accounting firms for larger scale service engagements. Our sub-contract services include:

- PDPA compliance audit
- Data protection services
- IT infrastructure audit [IT governance and operations efficiency, general controls and information security]
- Supporting in system evaluation of IT accounting controls for public accounting corporation
- Technology risk management
- Internal review of sustainability report

Outsourced Data Protection Officer (DPO) As-A-Service (PDPA)

1. Basic Services Package

o Ensuring PDPA Compliance

- Data Protection Self-Assessment using the PDPA Assessment Tool for Organizations (PATO) & Data Inventory Map (DIM) techniques

- Review and/or develop Privacy Statement, Policy & Measures, and Data Governance Structures.

o Fostering a Data Protection Culture

- Provide PDPA consulting and training to all employees based on the 1) PDPC Advisory Guidelines on Key Concepts in the PDPA &
2) Advisory Guidelines on the PDPA for Selected Topics.

o Cybersecurity advisory and training

- Offer training and advice to management and IT departments on Cybersecurity Essentials (Framework, Measures & Controls)

o Efficient Handling of Data Inquiries

o Alert Management on Personal Data Risks

o Liaise with PDPC when required

o Data Breach Response Plan (In event of data or security breach incident)


2. Advanced Services Package with the add-on below:

o Advisories and guided Implementation of the Data Protection Essentials (DPE) and Data Protection Management Programme (DPMP), Data Protection by Design for ICT Systems, &/or Data Protection Impact Assessment (DPIA)

o Review or guided implementation of the Advanced Data Protection Practices based on the PDPC’s Guide to Data Protection Practices for ICT Systems.

o At the group level, provide advisory on collection and processing activities of personal data outside Singapore based on overseas data protection laws.

PDPA Compliance Audit

An independent and systematic review of data protection policies and processes, carried out according to internal audit methodology, against the PDPA, identification of data protection compliance gaps and risks, and putting forward of recommendations for remedial action plans and best practices.

IT Audit

(A) Full scope of technology audit comprising development of audit program, undertaking of test procedures (field works) and issuance of audit reports with sign-off showing result and recommended remedial actions for systems changes and upgrades.

Focusing on information security and/or cybersecurity controls and measures of an organization’s office secured network, systems and web-based applications, or;

[B] Provide attestation with sign off on organization’s internal self-assessment of its information security and/or cybersecurity infrastructure by validating its assessment plan and results.

Co-sourced Internal Audit Services

The co-sourced internal audit is carried out by a partnership with client’s in-house independent internal audit function and Mckell Risk Management as an externally hired internal auditor to close the expertise gap in the field of risk and control, or pertaining to business operations in specific industries.

It serves to close the gaps and meet the compliance needs of our clients in a more cost-effective way. Internal audit is performed on one of more of the following areas and business processes:

• Financial reporting

• Financial management

• Procure-to-pay and order-to-cash

• Third-party risk and contract management

• Data privacy

• IT and data governance

• Information security and computer operations

• Technology risk management

• Cybersecurity

• Regulatory compliance

• Corporate governance and risk management

• Sustainability reporting

Advisory on the implementation of the Control Self-Assessment (CSA) Program / Internal Control Review

Control Self-Assessment (CSA) is an effective risk management technique developed in 1987 and widely adopted in the United States, European Union and other countries. It is used by a range of organizations including corporations, charities and government departments to assess the quality and effectiveness of their risk management and control processes and determine corrective actions or improvements where necessary.

The key feature of CSA is that, in contrast to a traditional audit, the control assessment and testing are performed by staff and management whose normal day-to-day responsibilities are within the business unit being assessed. It is a participatory risk management approach that combines risk assessment with self-evaluation.

It also serves to identify the higher risk processes within the organization and allows internal auditors to plan their work more effectively.

We support organizations in the facilitation, coordinating and conducting of their CSA program covering these key business processes, notably including:

o Internal Control Over Financial Reporting
o Fraud Risk Management
o Technology Risk Management
o Data Protection Processes & Practices
o Third-Party Risk & Contract Management
o Trade Account Receivables Policy
o Procurement & Account Payables Controls
o Corporate Finance Policy
o Sustainability Practices & Reporting

The Institute of Internal Auditors based its control self-assessment methodology on the Total Quality Management approaches of the 1990s as well as the COSO's framework. The methodology became part of the International Standards for Professional Practice of Internal Auditing and was adopted by a large number of major organizations.

Strategic Business Review for Private Education Institution (PEI)

We support Private Education Institutions in obtaining the required credit rating for the renewal of their business registration by performing an independent review of their business strategies, corporate governance, risk management and financial sustainability by using a combination of financial analytical and risk assessment techniques.