Using our combined knowledge in COBIT, ISO27001 and PCI-DSS, we create risk-based technology audit programs for our clients, to ensure the tenet of data confidentiality, integrity and availability is maintained.  We offer Baseline IT audits to advanced customised technology audits based on our client’s business needs and risks.

We are members of ISACA (Information Security Audit Control Association) and are certified to their stringent and international qualifications to conduct these exercises.

IT General Controls vs Application Controls

Our audit package is called SPA – security posture assessment.

SPA consists of several separate assurance programs packaged into one.

This allows us to quickly streamline audit activities, overlapping knowledge from different exercises, optimise resource usage and in the end deliver the same benefits as isolated audit exercises, in a more cost effective manner.

The SPA package aims to bring the best benefits at a lower cost in terms of time as well as money, to our customer. SPA can also be segregated into modules, with a baseline module, and then add-on modules like SDLC, Project Management, IT Continuity Audits.

Our “baseline” SPA package is created to quickly identify key IT areas of generally all companies across vertical industries. This is mainly for clients who may be doing IT audits for the first time, and require help in scoping; or clients who prefer a lower cost look at their security posture. Our Baseline SPA covers the following IT processes:

Usually once the baseline security is done, we can add on other IT processes modularly in our audits:


Call us at +603 6203 1888 or email us at for more details of our SPA package and Application Audits.