RISK MANAGEMENT

TO CREATE OPPORTUNITIES ONE MUST MANAGE RISKS

ENTERPRISE RISK MANAGEMENT (ERM)

In order to enable enterprises to minimize and manage the entirety of the risks to which they are exposed, we provide a diverse range of services that are based on years of cumulative experience, seasoned and reputable experts in the various fields of risk (operational risks, credit and market risks, financial risks and other risks), and customized international methodologies such as COSO (Committee of Sponsoring Organizations of the Treadway Commission) and COBIT (Control Objectives for Information and Related Technologies).

We at Entropy, view the entire world of enterprise risk management (ERM) as an aiding tool to the management and boards of directors of enterprises, to cause processes to become more efficient, to meet regulatory requirements and in that way improve the business performance of the enterprise and it meeting its strategic goals.

The new world of risk management is in fact a world of processes management, in the framework of which the management and board of directors of an enterprise can, on the one hand, avoid events causing significant damage to the enterprise, and on the other hand, improve and maximize its business performance through managing processes and risks.

An enterprise must use any available tools to assist it in meeting and achieving its goals and targets. Quality and proper risk management, whilst receiving the appropriate inputs, will lead to avoiding stumbling-blocks and a decrease in mistakes.

SOX (SARBANES-OXLEY)

Implementing the required processes to meet the reporting requirements of Sections 302 and 404 of the Israeli Securities Law, 5728-1968 that were added in 2002, as well as the directives of the Goshen Committee, requiring various organs of the enterprise to carry out lateral actions throughout the enterprise in the interest of documenting work procedures, examining the internal audit systems and assessment of risks that may impact the credibility of the financial reports.

In the scope of implementing the SOX (Sarbanes-Oxley) directives and the directives of the Goshen Committee, also known as the Israeli SOX, reporting corporations and their senior executives, are required to assume full responsibility for the entire process of preparing and revealing the financial statements, as well as report what actions they took, and what flaws came to light in the internal auditing system of the financial reporting.

We at Entropy Processes, Risk & Regulation Ltd., have the know-how, experience and skilled human resources, that is there to assist the enterprise in the numerous and various tasks involved in the implementation of financial reporting control processes, including, documentation of processes, verification/validation of processes, carrying out and documenting testing, which includes super-controls ITGC (IT Governance and Controls), and ELC (Entity Level Controls) when used as an integrative factor between the enterprise and the auditing accountants, all, in full coordination with the enterprise’s management. Within the scope of maintenance activities (year two and up) improvement processes can be embedded in the control and internal auditing systems, as well as performing ongoing checks of the effectiveness of the control system.

Within the scope of our SOX services, we provide a professional solution, comprehensive or specific, according to the client’s needs. The services are given from experienced consultants from the fields of accountancy, internal auditing, industrial engineering management, business and law. The field within Entropy is being managed by Moran Aviad Bassany.

CYBER AND INFORMATION SYSTEMS SECURITY RISKS MANAGEMENT

A significant part of the business advancement of enterprises lies in their use of integrative information systems that support business initiatives. On the one hand, such technological advancement is mainly used as a tool to minimize risks, and on the other hand it exposes the enterprise to new risks. We offer services and tools to identify, evaluate and minimize these risks.

The advancement in technological systems designed to support business activities of private and governmental bodies, institutional investors, as well as private and public corporations, creates new business opportunities, yet holds inherent risks to the information and data stored therein.

Therefore, great important is attributed to the need to protect the completeness, availability and confidentiality of the information and data, against potential attacks from both external and internal sources.

It is also worth noting, that information security and cyber protection were dramatically elevated in recent years as the spectrum of threats has broadened as well as their significance and likeliness of realizing into actual events.

We at Entropy, offer advisory services in the field of information technology (IT) risks management as well as information systems and cyber security.

INTERNAL AUDITING

We assist the internal audit units in various financial bodies in building their risk-assessment based work plans, as well as support the performance of audits in a diverse range of complex topics. Internal auditing must be efficient, risk oriented, and suited to the business strategy of the enterprise, but mostly to provide the management and board of directors of an enterprise with an added value. We have in-depth acquaintance and knowledge of the largest internal audit systems that exist in the country, as well as the needs of auditing, work methods and professional standards in the field.