CYBERSECURITY (SACS-002) PROPOSAL example.pdf

hebaalkronz94 152 views 25 slides Jun 10, 2024

About This Presentation

CYBERSECURITY (SACS-002) PROPOSAL.pdf


Slide Content

CYBERSECURITY (SACS-002) PROPOSAL
GENERAL REQUIREMENTS

RSM Confidential
Agenda
01 RSM PROFILE
02 AWARDS
03 SCOPE & APPROACH
04 YOUR TEAM
05 FEES & ASSUMPTIONS

01 RSM PROFILE

RSM GLOBAL
830 offices
$9.4b revenue
120+ countries
64,000 minds
1 network
4,000 Partners
Consulting, Tax, Audit
When you work with RSM, you have access to our worldwide network of audit, tax and consulting resources. Together, we will provide you with skills, insights, resources, and a commitment to helping you achieve your goals. Wherever you are in the world, you will enjoy the same seamless service that combines astute local knowledge with the global expertise of our senior advisers.
About RSM Global
RSM Global is one of the fastest growing networks of audit, tax and consulting firms in the world.
Through our international network, we provide premier advisory services worldwide, drawing on specialist industry and service line experts globally.

RSM MENA
When you work with RSM, you have access to our Middle Eastern, North and West African network of audit, tax and consulting firms, as well as our wider international network. Together, we will provide you with skills, insights, resources, and commitment to helping you achieve your goals. Wherever you are in the region, you will enjoy the same seamless service that combines astute local knowledge with the global expertise of our senior advisers. We will bring you the insights and experience of our international team to help you move forward with confidence.
Helping you seize opportunity in this evolving region
35 offices
21 countries
1120 staff
RSM’s MENA office locations:
▪ UAE
▪ Qatar
▪ Oman
▪ Bahrain
▪ Kuwait
▪ Egypt
▪ Tunisia
▪ Saudi Arabia
▪ Jordan
▪ Iraq
▪ Palestine
▪ Morocco
▪ Lebanon
▪ Mauritius
▪ Burkina Faso
▪ Nigeria
▪ Benin
▪ Cameroon
▪ Tanzania
▪ South Africa

RSM SAUDI ARABIA
RSM Saudi Arabia is a member firm of RSM International, with over 40 years in practice in the Kingdom, having a pan Saudi presence and over 400 professional minds working to deliver excellence in tax, accounting & consulting synonymous with the global brand. Over the years we have strived for providing services to more than 5000+ clients across various industries.
• Deliver work of the highest standard
• Following International standard practices
• Strive to exceed expectations
• Develop our people to the best of their ability
• Build a brand of substance
• Committed to social responsibility programs and 2030 vision
• Respect others as you would like to be respected
• Do the right thing ethically and independently
• Build trusted relationships
Quality
Integrity
Stewardship
Experienced professionals delivering quality services
4 offices in Saudi Arabia
Riyadh | Jeddah | Al Khobar
Since 1977
5000+ clients
400+ employees
RSM Saudi Arabia Services
Assurance / Audit
Tax & Zakat
GRC & Internal Audit
Transaction Advisory
IKTVA & Localization
IT / cybersecurity & Data Advisory
Business & Management Consulting
Outsourcing
TAX

RSM VALUES – YOUR R-I-T-E-S
As a network, we underpin our brand with the following VALUES that are integral to the way we act with each other and with clients:
Our distinguishing beliefs and the RSM way
RESPECT
Treat others as we would like to be treated
We display respect in each interaction with:
• Clients
• Employees
• Partners
INTEGRITY
Do the right thing
We stay true to our beliefs:
• In decisions
• In negotiations
• In communications
TEAMWORK
Work together effectively
We cultivate genuine collaboration:
• In our workgroups
• Across member firms
• Across functions
• Amongst leaders
EXCELLENCE
Be The Best In Everything We Do
We achieve distinction through:
• Our standards
• Our operations
• The work we deliver
STEWARDSHIP
Better our network, members and our people
We make RSM a better place by:
• Developing our people
• Building our brand
• Supporting our communities

02 AWARDS

✓ We were the first firm to issue the Cybersecurity Compliance Certificate
✓ 3500+ Aramco third party for Threat Management Assessments & Cybersecurity Compliance Certificate
✓ 2100+ Certificates issued and 250+ Domain Unblocking
✓ We have highly skilled and experienced cybersecurity professionals around the globe and in Saudi Arabia
✓ Dedicated team to address your requirements very QUICKLY
✓ Unmatched guidance to ensure understanding of the framework
Named #1 on Bob Scott’s Top 100 VARs list for tenth consecutive year
Accounting Today ranked RSM #1 on its 2022 VAR 100 List
RSM won two 2023 Microsoft Partner of the Year awards and was a finalist for six others
RSM honored as One of the Best Places to Work 2023, a Glassdoor Employees' Choice Award Winner
RSM received the Growth Award as part of Appian’s Partner Impact and Excellence Awards
Accounting Today recognized RSM as One of its Best Firms for Technology
AWARDS AND RECOGNITIONS
RSM creates a better environment by developing our people, building our brand, and supporting our communities.
RSM remains committed to its vision to be the first-choice advisor to middle-market leaders globally
PEOPLE magazine has honored RSM as one of the 2022 PEOPLE Companies that Care.
Cultivates genuine collaboration within workgroups, across member firms, across functions, and among leaders.
EXPERIENCE

03 SCOPE & APPROACH

OUR UNDERSTANDING & INSTRUCTIONS
▪ We understand that your organisation is required to comply with Aramco SACS-002 framework, for which you may have been classified by Aramco as per the following main and sub categories;
▪ CCC
▪ General Requirements (Mandatory)
▪ Third Party must comply with all cybersecurity controls specified in the appropriate class as communicated by Saudi Aramco. These cybersecurity controls must apply throughout the Data Life Cycle.
▪ All cybersecurity controls specified in the SACS-002 standard must be implemented on:
➢ All Third Party information systems and/or Assets used to connect to Saudi Aramco’s network;
➢ All Third Party’s Assets hosting, receiving, storing, processing or transmitting Saudi Aramco data. These Assets must be secured and stored in keeping with this Standard and must be made available to authorized users on a need-to-know basis.

AUDIT SCOPE
The scope of work will be to audit the Cybersecurity posture of your company on the following controls as specified by Aramco based on their respective classifications, which is inclusive of general requirements controls.
Refer to SACS 002 Third-Party Security Standard document for the controls.
The third party controls are divided by Aramco as per below table for general requirements and other specific requirements on the next page;
Mandatory General Requirements (Total 23), by Control Area:
Identify (01): Access Controls 1
Protect (21): Access Controls 5; Awareness & Training 3; Data Security 8; Information Protection Processes and Procedures (IP) 2; Protective technology 3
Respond (01): Communication 1

CERTIFICATION PROCESS

APPROACH & TIMELINE
01
- Request for company details & classification confirmation
02
- Proposal sharing
- Clarifying doubts
- Proposal Acceptance
03
- Signing engagement letter
- Sharing assessment package & instructions
04
- Share sample of evidence extraction & clarify the TPC (Third Party Controls) requirement on multiple sessions if required.
05
Request the following from the clients:
- Evidence documents
- Official letter confirming the shared documents are authentic
06
- Review client’s evidences
07
- Provide feedback on the evidences
08
- Request new evidences, if shared evidences fall short
09
- Conduct validation session & finalize the official report on Aramco template
10
- Submit final report to client
11
- Issue the certificate and the workpaper

ASSESSMENT TYPES & TIMELINE
Assessment Type | Description | Applicability
Remote Assessment | A self-compliance assessment against SACS-002 completed by the third party and verified remotely by the audit firm. | Outsourced Infrastructure; Customized Software; General Requirements
On-site Assessment | An on-site compliance assessment against SACS-002 conducted by the audit firm. | Network Connectivity; Critical Data Processor

Remote Assessment Time Frame
Assessment Type | Business Days
General Requirements | 5
Outsourced Infrastructure | 5
Customized Software | 5

On-site Assessment Time Frame
Assessment Type | Business Days
Network Connectivity | 10
Critical Data Processor | 10

04 YOUR TEAM

Sadeqh Saleem
CISA, CRISC
Senior Director
IT & Cyber Risk Advisory, Program Director CCC
Profile
With over 15 years of experience, Sadeqh has been associated with medium and large firms across Europe, Asia and the Middle East managing & executing projects, along with building strong business partnerships. His experience & domain knowledge enables him to link business requirements to optimal solutions available in the market and to oversee project execution.
Sadeqh is experienced across various industries covering retail sector, NBFC, investment firms, insurance, oil and gas, real estate and manufacturing. He has worked with various multinational clients. He has strong experience in technology and solutions.
Relevant Experience
▪ Developed enterprise wide IT policies and procedures for multinational organizations;
▪ Develop & Audit Information/Cybersecurity Security Policies, Standards and Guidelines;
▪ Performed system assessment and selection;
▪ Performed Assessment of data protection covering policies and procedures, data security, data classification and risk assessment;
▪ Streamlining operations management by re-designing process flows, policies & procedures integrating and collaborating on ERP systems and enhancing inter-department communications;
▪ As a transformation specialist resolving crippling inefficiencies by restructuring organizations;
▪ Developed communication strategy & implemented organization-wide transformation program;
▪ Crafting growth strategies for businesses based on internal and external market assessments, competency and capability evaluation;
▪ Developed corporate governance framework to enable corporatization of family businesses & SME’s (Small medium Enterprises);
▪ Technical and analytical capabilities, including familiarity with application and IT general controls, technical environments and emerging IT trends.
Education and Certification
▪ Masters in Business Administration, Sheffield Business School, UK
▪ Certified CISA (ISACA)
▪ Certified CRISC (ISACA)

Faiyaz Ali
MSc (CS), MCP, AWS-CSA, CISM
Associate Director
IT & Cyber Risk Advisory & Aramco CCC Audit
Profile
Faiyaz Ali is a Manager with RSM Saudi Arabia. He is a Multi Skilled IT Professional with extensive 20 years’ experience in IT and security. He has extensive experience in High tech Project Management, Cloud Solutions, Cyber Security Implementation and Auditing. He also has practical knowledge of Complex Hybrid System Builds, Integrations and Migration, infrastructure security and IT operations. His experience in the Security domain includes SIEM, Security Operation Center and Incident Management.
Faiyaz has In Depth knowledge of Deploying and Administering Corporate Network Security infrastructure. He is an Expert in multi vendor Firewalls (Sophos, FortiGate, Cyberoam), SDWAN technologies including IPS/IDS/WAF VPN links optimization.
Relevant Experience
▪ Led IT Department operational and strategic planning, including fostering innovation, project management, and organizing and negotiating the allocation of resources;
▪ Migrated a critical On Premises ERP/Finance legacy application to a robust and scalable AWS Cloud hosted platform;
▪ Established an Offsite Security Operation Center (after implementing SIEM based Security monitoring for 24/7 Incident Management);
▪ Led IT Security team responsible for addressing security breaches in projects and conducting compromise assessments;
▪ Participated in RED TEAM penetration testing exercises;
▪ Designed and Implemented employee IT security awareness initiatives, Conducted mock Phishing exercises;
▪ Part of Internal Compliance Audit team tasked with Security assessment of all high profile Ministry projects;
▪ Support organizations to obtain GDPR ISO compliance certifications including ISO 27001 and ISO 9001;
▪ Initiated and conducted internal audits for Server and User Applications License Managements for Audit compliance.
Education and Certification
▪ Master of Science (Major in Computer Science), Osmania University, India
▪ Certified CISM (ISACA)
▪ AWS Certified Cloud Solution Architect (Amazon)
▪ Certified ITIL v4 (Axelos)
▪ Certified MCSA, MCSE, MCP (Microsoft)
▪ Certified CISCO Network Associate (CCNA)
▪ Certified ISO 27001 Lead Implementor (PECB)
▪ Certified Linux Administrator (SLES)

Faisal Jamil
CISA, CISM
Associate Director
IT & Cyber Risk Advisory
Profile
Faisal is a manager in RSM with over 8 years of experience in the field of IT governance, risk and compliance. Prior to joining RSM, Faisal worked with Ernst & Young Malaysia focusing on technology consulting and technology risk assurance. He led the SAP assurance practice in EY. He has led various teams across various IT consulting and IT audit engagements. The engagements he has led include SAP IT audit engagements, developing IT governance framework, Setup of IT governance organization, Information security program development and implementation, third party vendor management framework, data privacy and security, business continuity and Disaster Recovery.
He has strong experience in large ERP applications, primarily SAP, where he focuses on SAP security controls and SAP automated application controls. Faisal started his career with BP where he was working on international engagements on SAP project implementation.
Relevant Experience
▪ Lead teams to perform IT Internal Audits for various sectors covering IT governance review, IT general controls, Application controls and information security reviews. The SAP audits he has conducted included large and multinational organizations such as Shell, Schneider Electric, DKSH, PETRONAS, BP, Hitachi, Maybank, Travelex, UMW Toyota etc.
▪ Led various teams to perform IT External Audit for various private and listed companies;
▪ Developed enterprise wide IT policies and procedures for multinational organizations;
▪ Established IT governance and security framework for organizations;
▪ Delivered end-to-end information security program covering ISO 27001, Saudi NCA ECC1 and CITC requirements
▪ Performed Assessment of data protection covering policies and procedures, data security, data classification and risk assessment;
▪ Developed enterprise change management program for clients using SAP applications.
Education and Certification
▪ Bachelor of Information Technology, International Islamic University, Malaysia
▪ Certified CISA (ISACA)
▪ Certified CISM (ISACA)
▪ Certified ITIL V3 2011 (Axelos)
▪ Certified Business Analysis (BCS)
▪ Governance Risk and Compliance Professional (GRCP) (OCEG)
▪ Certified CompTIA Network+ (CompTIA)

Abdul Hafeez
CISA, CISM, Lead Auditor
Associate Director
IT & Cyber Risk Advisory
Profile
Abdul Hafeez has a total of around 20 years and 3 months of work experience in IT industry out of which he has worked in Information Security domain for over 18+ years.
He has experience in conducting various Internal & External Audits (ISO 27001, VAPT, Purple Tests, Business Excellence, Performance management, OHSAS, HIRA, internal Audits for Subsidiaries). He has worked across most industries in KSA and provided exemplary insights into Information & Cyber Security.
Relevant Experience
▪ Experience in Managing Network & Data Centre Operations, Security Management, System Administration, Virtualization Expert,
▪ Management of entire IT Infrastructure, IT Helpdesk, Backup Operations, Employee Skill Management
▪ Experience in Data Privacy, Network Security, Cyber Security, Vulnerability, Hardening, Security Information & Event Management (SIEM), Patch Management, Vendor Management, Antivirus
▪ Management of entire Information Security Compliance, Governance, Legal Issues
▪ Experience in Disaster Recovery, Business Continuity Management, Implementation & Management of Network Access Control – NAC (Cisco ISE & Nevis)
▪ Experience in setting up the entire IT Infrastructure for approx. 60+ offices or sites (more than 5000 users) globally
Education and Certification
▪ Diploma in Electronics & Telecommunication (Information Technology) - Bangalore University
▪ Certified Ethical Hacker
▪ Certified Business Excellence Lead Auditor
▪ CCNA & CCNP
▪ ITIL V3, ITIL V4
▪ Certified Network Security Engineer
▪ Datacenter Expert
▪ VMware Virtualization Expert
▪ Cloud Security
▪ CISA
▪ Lead Auditor
▪ CISM

Esraa Khaled Al-Zidan
CISA
Consultant
IT & Cyber Risk Advisory
Profile
Esraa currently works as an IT Analyst in Aramco Cybersecurity program. She has assessed more than 1000 clients and leads the process in terms of Audit.
Esraa is passionate about learning and gaining knowledge in the security domain. She has the ability to develop, quick learning, effective communication and problem solving.
Relevant Experience
▪ Conducting cybersecurity assessments for Saudi Aramco third party vendors.
▪ Academic Guidance and supervision in Princess Nora Bint Abdul-Rahman University.
▪ Manage Cisco IOS software licensing and configuration files.
▪ Familiarity with the basics of administrative sciences and entrepreneurship - feasibility studies.
▪ Identifying security & control risks and providing recommendations.
▪ Commitment to professional and ethical responsibility and to maintain user privacy and information security in various areas of development.
▪ Comfortable discussing technical issues and solutions with analysts as well as clients.
Education and Certification
▪ Bachelor in Information Systems from College of Computer Science and Information Technology, Princess Nora Bint Abdul-Rahman University (PNU).
▪ Certified CISA (ISACA)
▪ Certified CISCO Network Associate (CCNA)

05 FEES & ASSUMPTIONS

FEES
# | Description | Unit | Fees (Remote Assessment)
1 | Cybersecurity Compliance Assessment - General Requirements (*With Report & Certification Valid for 2 years) | Per Commercial Registration | SAR 7,500

The fee includes;
- A session with the assessment team to clarify your doubts and support on evidence completion;
- Unlimited reviews till you get certified without any charges (in our experience 3 reviews are more than needed to reach the validation stage and we request you to consider the time and effort and minimize the no. of reviews);
- Assured responses on submitted evidences within 3-5 days.
- Our team is interactive and highly experienced in managing the client and their expectations;
- The fee is based on completing the task and is not based on no. of hours; overall, the assessment and issuance of certificate does not take more than 5-10 days from the date of submission of completed evidences;
- If there are comments and require further evidences, the time impact is based on your responses to our requests;
- The assessment will be done remotely wherein you would have to share the evidences in the form of screenshots and finish the assessment with a remote session; on successful selection, we will share the assessment package which shall have the sample documents and other guidelines;
- The fee is excluding VAT;
- 100% Payment advance (We cannot issue the certificate without payment clearance).

ASSUMPTIONS
Assumptions | Description

Access & Implementation
• Prompt access to information we require to perform any planned activity, the quality and content of which will meet the project needs.
• The client needs to implement all controls before sending the workpaper to us. It is nowhere RSM’s responsibility to conduct any kind of implementation.

Client Support
• Top management supports this project and will provide the desired level of sponsorship.
• Appoint an employee as a project manager/coordinator with authority for the project. Person will be responsible for scheduling project interviews, workshops, meetings, assistance with workshop planning and facilitation.
• Our team will be provided working space to carry out the work on your premises in case of an on-site assessment.
• The client should understand that every time evidences are sent, we would need 2-4 days to revert back

Meetings, Interviews, Workshops
• Resources and stakeholders will be available as needed to meet project requirements and timelines. The lack of availability of appropriate resources can potentially impact the timelines and possibly the cost of the project. Proper planning will be made ahead of time.
• Timing of meetings, interviews and workshops, will be mutually agreed and adhered to. Delays in getting the information and or delay in revision/validating deliverables will be logged and we will not be responsible for this delay as such.

Scope of Work Assumptions
• All communications and project deliverables will be in English.
• Project objectives, scope, approach and deliverables as outlined in our proposed project approach.
• All timelines are based on submission of completed evidences.
• Audit will only begin post submission of completed evidences.
• If an entity has multiple CR’s and are sharing the infrastructure, the Infrastructure of entities should be same or else the pricing will be for each classification and would be agreed beforehand.

Tax, Invoice & Validity
• Any taxes that are due in relation to the services provided – including VAT and/or Service Tax – shall be paid by the client.
• All our invoices are payable within 7 days of the issuance of the invoice.
• The validity of this proposal is 10 days from the date of submission.

© RSM International Association, 2024
RSM Saudi Arabia is a member of the RSM network and trades as RSM. RSM is the trading name used by the members of the RSM network. Each member of the RSM network is an independent accounting and consulting firm, each of which practices in its own right. The RSM network is not itself a separate legal entity of any description in any jurisdiction.
The network is administered by RSM International Limited, a company registered in England and Wales (company number 4040598) whose registered office is at 50 Cannon Street, London EC4N 6JJ. The brand and trademark RSM and other intellectual property rights used by members of the network are owned by RSM International Association, an association governed by article 60 et seq of the Civil Code of Switzerland whose seat is in Zug.

Sadeqh Saleem
Senior Director - IT & Cyber Risk Advisory
[email protected]
+966549983377

Abdul Hafeez
Associate Director - IT & Cyber Risk Advisory
[email protected]
+966560591912

Mohammad Al Nader
Managing Partner, RSM Saudi Arabia
[email protected]
+966552284828

Tauseef Ghazi
Principal, Risk Advisory Services, RSM US LLP
[email protected]
+18328789211

Faisal Jamil
Associate Director - IT & Cyber Risk Advisory
[email protected]
+966530627194

Faiyaz Ali
Associate Director - IT & Cyber Risk Advisory
[email protected]
+966505590350

JEDDAH
Al Badriah Towers, Office No. 41, 4th floor, Building No. 2786.
Prince Saud Al-Faisal, Al Khalidiyah District, Jeddah, Saudi Arabia.
Mob: +966560589684
Tel: +966126061405
Fax: +966114139349
Email: [email protected]

RIYADH ASSURANCE OFFICE
1st floor, Building No. 3193,
Al-Orouba Road, Al Olaya District,
P.O. Box 8246
Riyadh 12333-8335, Saudi Arabia
Mob: +966566005285
Tel: +966114562974
Fax: +966114940587
Email: [email protected]

AL-KHOBAR
Office No. 405 & 406, 4th Floor, Eastern Cement Tower, Khobar-Dammam Highway, Al-Khobar, Saudi Arabia
Mob: +966594423063
Tel: +966138147098
Fax: +966(13)8146882
Email: [email protected]

RIYADH ADVISORY OFFICE
2nd floor, Avenue Plaza Building, King Khaled Road, Al Olaya District, Riyadh, Saudi Arabia
Mob: +966505143087
Email: [email protected]