Moore Kingston Smith Consulting (MKSC) provides governance, controls and technology risk management advice and assurance. Failures in any of these areas can affect an organisation’s brand and reputation, not to mention the legal and regulatory ramifications. We provide our clients with a high level of independent assurance and audit regarding their risk management and compliance policies, procedures and practices. MKSC operates in a number of sectors, including financial services, gaming, healthcare and marketing services companies. We also work for entrepreneurial businesses, charities and not-for-profit sector clients.
Moore Kingston Smith Consulting’s technology solutions are based on two principles: the need for high levels of technical skill to address technical threats, and awareness that many of the greatest losses come from ‘routine’ risks which are not effectively addressed.
Technology can be transformational in helping to deliver significant business improvements and yet it brings with it some of the greatest and fastest changing threats. With technology taking an increasing proportion of corporate spending, it now represents the major concentration of risk and reward for many businesses. MKSC’s particular expertise is balancing this risk with the reward to maximise ROI for our clients.
We have extensive experience of dealing with global regulators and providing data privacy solutions which ensure that compliant handling of client data does not disrupt ‘business as usual’.
MKSC can help you answer these questions and others, and put in place procedures to ensure that your organisation can keep pace in this fast-changing risk area.
Whether your organisation’s internal audit function is fully outsourced to Moore Kingston Smith Consulting, or whether we are ‘co-sourced’ for specialist areas, our team has extensive experience in planning and executing internal audits.
Those performing in-house controls assurance activity, be they internal audit or a management control function, are often hard pressed to possess all the technical and business expertise needed to effectively review business controls. The pace of development and complexity in areas like technology and compliance make it very unlikely that an in-house team with finite resources will have the skills they need to generate adequate assurance in every case. MKSC offers a pool of specialist technical resources from which a business can draw to meet their needs. As this support is only there when it is required it is a cost-effective way of filling internal skills gaps.
Moore Kingston Smith Consulting is also committed to developing client capability and will aim to pass knowledge on to your own staff so the dependency on external help can be reduced.
With the extensive experience of Moore Kingston Smith Consulting team members, it’s no surprise that we are experts in developing, monitoring and evaluating compliance and risk management systems.
We focus on:
This is particularly true when it comes to specific regulatory regimes. In addition to the areas discussed under ‘Core Services’, we are skilled in:
Our approach to the Payment Card Industry Data Security Standard (PCI DSS) is based on a number of principles which differentiate us from our competitors:
As the only Qualified Security Assessor (QSA) in the UK that is part of a large professional services and accountancy practice, we operate to the highest professional standards and have access to significant resources that ensure we bring the best technical skills to each engagement. MKSC is also an accredited QSA Company for the Barclaycard Risk Reduction Programme (BRRP).
Our staffing model ensures high levels of experience. MKSC’s QSA practice does not employ any individual unless they have at least ten years of relevant experience in information security and audit disciplines. The current average experience of our QSA team is 18 years. This gives our consultants a breadth and depth of technical knowledge which ensures we deliver rapidly and with insight. It also means we are able to provide practical advice, drawn from our experience, on how you can address issues that might otherwise impact your ability to comply.
Critically, the experience we require of our staff must include time in a management role within a corporate IT function as well as time spent in an audit or assurance role. This gives our QSAs an unparalleled understanding of the realities of managing information security in a commercial environment, and we are committed to identifying controls within your environment which meet, or can be redesigned to meet, the requirements of the DSS in a manner that is as cost effective as possible.
We are committed to sharing knowledge and building capability, and have developed techniques to ensure the client staff we work with develop from our involvement. In addition, all technical methodologies that we employ are made available to clients at no extra cost.
Continuity of staff
Where possible, we ensure that the same consultants are engaged on all phases of PCI work for a client, to facilitate a more thorough understanding of the cardholder data environment and eliminate the need to re-learn the client’s infrastructure and controls. This extends to subsequent annual reassessments where relevant.
Many organisations fail to properly quantify the risks they face from their suppliers, joint venture partners, agents and outsourcers.
Some of the issues we assist organisations to resolve are:
Moore Kingston Smith Consulting brings together procurement expertise, technical compliance knowledge, IT specialists, supply chain continuity and relationship management experts to provide an end-to-end third party management solution for our clients.