Foo Kon Tan Technology Advisory Pte Ltd

Foo Kon Tan Technology Advisory is the technology arm of Foo Kon Tan group of companies.

Foo Kon Tan LLP is one of Singapore’s most established and respected accountancy practices. We can trace our roots to 1968 when the original firm was founded and became known as Foo, Kon & Tan. Over the years, a dynamic and inspirational leadership team changed the firm’s structure to provide a holistic one-stop business and advisory solutions to discerning clients.

Today, ‘Foo Kon Tan’ (FKT) is the brand name under which Foo Kon Tan LLP, Chartered Accountants of Singapore and its associated companies provide a full range of assurance, tax and advisory services to help clients navigate the ever changing dynamics of the business and regulatory environments in the domestic as well as global markets. We are amongst the top 7 accountancy practices in Singapore.

Our services:
1. IT ASSURANCE
A well planned IT assurance strategy can provide the organisation with peace of mind and actionable steps to mitigate security risks. The goal of our IT assurance services is to help you minimise risks and forecast future requirements by examining the effectiveness of your IT systems’ key controls.

Our IT assurance services in risks and control enable the organisation to:
Align IT strategies with business goals
Ensure compliance with regulatory and legislative requirements
Identify potential operational risks
Maximise return on investment on IT assets
Develop IT roadmaps that prioritise key IT projects
Increase effectiveness of technology
Improve management controls

A comprehensive assurance review requires auditors who understand the world in which businesses operate, and how internal and external influences impact business success.

With our rigorous training program and breadth of experience across a wide range of clients and assurance engagements, we understand the range of business issues and risks that need to be considered during any audit or assurance engagement. Even with this experience behind us, we regard each engagement as unique. We carefully examine all factors, compliance and risks, and provide detailed advice and guidance throughout the engagement.

Our services:
Governance, Risk and Compliance (GRC)
Review and assess the organisation’s IT control environment incorporating the frameworks of CoBIT and ISO/IEC27001
Statement on Auditing Standards (SAS) 70 Type I/Type II
Provide an independent review of a service organisation's control design and testing of effectiveness of a service organisation's processing controls
Sarbanes-Oxley (SOX)
Assess compliance with the financial disclosure and internal control requirements of the Sarbanes-Oxley Act of 2002 and related Securities and Exchange Commission (SEC) rules
ISO/IEC 27001 (ISMS)
Provide an independent review of the organisation’s readiness to undergo a ISO/IEC 27001 review.

For non-audit clients, our advisory teams also provide consultancy for the implementation of various audit standards.
Our services include the following:
Project management
Risk assessment
Change management
Control environment assistance
Documentation support
Design and execution of solutions
Quality assurance and review activities.

2. IT SECURITY
The need for IT security is ever present. Business partners and customers want to know if the organisation have done enough to protect its information assets. IT security services provided by our IT security team helps identify the state of information security within the organisation.

Our professionals use a proven life-cycle approach to security assessment which provides for a high degree of flexibility from targeted compliance assessment to strategic advice. We work hand-in-hand with your executives, business owners and IT professionals to assess your current security posture, create a risk profile, and provide recommendations that immediately decrease both security and compliance risk for your organisation.

With the assistance of highly skilled and professional consultants, our IT security services enable the organisation to:
Stay updated with global information risk situation and security practices
Maximise returns on security investment
Reduce the risk of inadvertent data loss
Build strong, secure systems
Improve risk management and threat response
Tighten controls over the dissemination of internal data.

Our professionals conduct technical analysis with expert, hands-on testing. We analyse the test results to remove false positives, focus follow-on testing, and categorise and prioritise technical findings. We also analyse information collected from the interviews to develop an understanding of how things get done in an organisation, specifically its maturity, formality and culture.

Our services:
Security Policy Consulting
Develop policies and procedures based on the organisation’s business and information security needs that are derived from international best practices and standards
Security Risk Assessment
Assess and evaluate enterprise-wide risks using the recognised RIIOT technique
Application Security Audit
Perform an in-depth examination of the internal configurations and potential security holes within a database and application
Source Code Security Review
Investigate the source code of an application to uncover security vulnerabilities, best practices violations, security design issues. We will review software source code to check for Trojan Horses, time and logic bombs, and back door, as well as software flaws such as inadequate bounds-definition and software race conditions that could allow the software to be exploited
Vulnerability Assessments and Penetration Testing
Provide vulnerability assessments which maps out the network architecture to identify areas of weaknesses and assess likelihood of attacks. In addition to conducting vulnerability assessments, more rigorous penetration tests can be used to confirm whether identified vulnerabilities are exploitable.

3. IT COMPLIANCE
PCI
MAS
PDPA