Controls assurance, risk management and technology advisory

Moore Kingston Smith Consulting (MKSC) provides governance, controls and technology risk management advice and assurance. Failures in any of these areas can affect an organisation’s brand and reputation, not to mention the legal and regulatory ramifications. We provide our clients with a high level of independent assurance and audit regarding their risk management and compliance policies, procedures and practices. MKSC operates in a number of sectors, including financial services, gaming, healthcare and marketing services companies. We also work for entrepreneurial businesses, charities and not-for-profit sector clients.

Explore our services

Information security and data protection

Moore Kingston Smith Consulting’s technology solutions are based on two principles: the need for high levels of technical skill to address technical threats, and awareness that many of the greatest losses come from ‘routine’ risks which are not effectively addressed.

Technology can be transformational in helping to deliver significant business improvements and yet it brings with it some of the greatest and fastest changing threats. With technology taking an increasing proportion of corporate spending, it now represents the major concentration of risk and reward for many businesses. MKSC’s particular expertise is balancing this risk with the reward to maximise ROI for our clients.

We have extensive experience of dealing with global regulators and providing data privacy solutions which ensure that compliant handling of client data does not disrupt ‘business as usual’.

  • Who is taking responsibility for the smooth functioning of your organisation’s data estate?
  • Does your organisation actually need ISO27001?
  • What questions would a regulator ask if they were to examine your systems?

MKSC can help you answer these questions and others, and put in place procedures to ensure that your organisation can keep pace in this fast-changing risk area.

Internal audit

Whether your organisation’s internal audit function is fully outsourced to Moore Kingston Smith Consulting, or whether we are ‘co-sourced’ for specialist areas, our team has extensive experience in planning and executing internal audits.

Those performing in-house controls assurance activity, be they internal audit or a management control function, are often hard pressed to possess all the technical and business expertise needed to effectively review business controls. The pace of development and complexity in areas like technology and compliance makes it very unlikely that an in-house team with finite resources will have the skills it needs to generate adequate assurance in every case. MKSC offers a pool of specialist technical resources from which a business can draw to meet its needs. As this support is only there when it is required, it is a cost-effective way of filling internal skills gaps.

Moore Kingston Smith Consulting is also committed to developing client capability and will aim to pass knowledge on to your own staff so the dependency on external help can be reduced.

Legal and regulatory compliance

With the extensive experience of Moore Kingston Smith Consulting team members, it’s no surprise that we are experts in developing, monitoring and evaluating compliance and risk management systems.

We focus on:

  • achieving compliance
  • monitoring continuing compliance
  • troubleshooting or updating due to regulatory changes
  • evaluating compliance adequacy

This is particularly true when it comes to specific regulatory regimes. In addition to the areas discussed under ‘Core Services’, we are skilled in:

  • FCA regulation – client money audits; FCA approvals; FCA investigations
  • Healthcare – Safeguarding; CQC reports
  • Anti-Money Laundering rules
  • Data Protection and privacy, including the EU Data Protection Directive and global equivalents
  • Bribery Act / Foreign Corrupt Practices Act
  • Sarbanes-Oxley Act
  • Health Insurance Portability and Accountability Act (HIPAA)

Payment Card Industry (PCI)

Our approach to the Payment Card Industry Data Security Standard (PCI DSS) is based on a number of principles which differentiate us from our competitors:

As the only Qualified Security Assessor (QSA) in the UK that is part of a large professional services and accountancy practice, we operate to the highest professional standards and have access to significant resources that ensure we bring the best technical skills to each engagement. MKSC is also an accredited QSA Company for the Barclaycard Risk Reduction Programme (BRRP).

Technical expertise

Our staffing model ensures high levels of experience. MKSC’s QSA practice does not employ any individual unless they have at least ten years of relevant experience in information security and audit disciplines. The current average experience of our QSA team is 18 years. This gives our consultants a breadth and depth of technical knowledge which ensures we deliver rapidly and with insight. It also means we are able to provide practical advice, drawn from our experience, on how you can address issues that might otherwise impact your ability to comply.

Commercial awareness

Critically, the experience we require of our staff must include time in a management role within a corporate IT function as well as time spent in an audit or assurance role. This gives our QSAs an unparalleled understanding of the realities of managing information security in a commercial environment, and we are committed to identifying controls within your environment which meet, or can be redesigned to meet, the requirements of the DSS in a manner that is as cost effective as possible.

Developing capability

We are committed to sharing knowledge and building capability, and have developed techniques to ensure the client staff we work with develop from our involvement. In addition, all technical methodologies that we employ are made available to clients at no extra cost.

Continuity of staff

Where possible, we ensure that the same consultants are engaged on all phases of PCI work for a client, to facilitate a more thorough understanding of the cardholder data environment and eliminate the need to re-learn the client’s infrastructure and controls. This extends to subsequent annual reassessments where relevant.

Third party and supply chain management

Many organisations fail to properly quantify the risks they face from their suppliers, joint venture partners, agents and outsourcers.

Some of the issues we assist organisations to resolve are:

  • Is this the right outsource partner for my organisation?
  • How do you know whether the third party actually observes their policies and procedures?
  • How do you know that your confidential information is not exposed to others through failures in the third party’s systems?
  • Will this new technology really deliver the benefits for my organisation, with its legacy architecture and systems?
  • Are employees trained to the same levels as my own?
  • Does the third party meet industry benchmarks in various risk areas?

Moore Kingston Smith Consulting brings together procurement expertise, technical compliance knowledge, IT specialists, supply chain continuity and relationship management experts to provide an end-to-end third party management solution for our clients.