top of page


Businesses today depend upon information systems in almost all aspects of operations. Organisations, however, are constantly challenged with threats both internal and external to these systems which can expose critical assets to risk. As a result, senior management expects heightened understanding of the way Information Technology (IT) is managed. Implementing and managing effective controls provide organisations with the means to minimise risks while maximising business opportunities, and improve the returns on technology investments.

Obtaining adequate protection against threats on the control and security of your IT systems is therefore imperative in providing you with the confidence that your IT systems will function in accordance with your expectations.

At Foo Kon Tan, our technology advisory team have significant experience with hands-on skills and technical and theoretical knowledge in their respective domains. We are committed to providing you the necessary assistance in enhancing your IT operations to help your company to protect its data and overall system architecture from internal and external threats, while improving its IT functionality overall. Combined with the underlying financial and analytical strengths and insight from our professionals in other disciplines, we aim to deliver value-driven solutions to you. 

Our services:


A well planned IT assurance strategy can provide the organisation with peace of mind and actionable steps to mitigate security risks. The goal of our IT assurance services is to help you minimise risks and forecast future requirements by examining the effectiveness of your IT systems’ key controls.

Our IT assurance services in risks and control enable the organisation to: 

  •  Align IT strategies with business goals  

  •  Ensure compliance with regulatory and legislative requirements 

  •  Identify potential operational risks 

  •  Maximise return on investment on IT assets 

  •  Develop IT roadmaps that prioritise key IT projects 

  •  Increase effectiveness of technology 

  •  Improve management controls 

A comprehensive assurance review requires auditors who understand the world in which businesses operate, and how internal and external influences impact business success.

With our rigorous training program and breadth of experience across a wide range of clients and assurance engagements, we understand the range of business issues and risks that need to be considered during any audit or assurance engagement. Even with this experience behind us, we regard each engagement as unique. We carefully examine all factors, compliance and risks, and provide detailed advice and guidance throughout the engagement.

Our services:

  • Governance, Risk and Compliance (GRC)
    Review and assess the organisation’s IT control environment incorporating the frameworks of CoBIT and ISO/IEC27001

  • Statement on Auditing Standards (SAS) 70 Type I/Type II 
    Provide an independent review of a service organisation's control design and testing of effectiveness of a service organisation's processing controls

  • Sarbanes-Oxley (SOX)
    Assess compliance with the financial disclosure and internal control requirements of the Sarbanes-Oxley Act of 2002 and related Securities and Exchange Commission (SEC) rules

  • ISO/IEC 27001 (ISMS) 
    Provide an independent review of the organisation’s readiness to undergo a ISO/IEC 27001 review. 

For non-audit clients, our advisory teams also provide consultancy for the implementation of various audit standards.

Our services include the following:

  •  Project management 

  •  Risk assessment 

  •  Change management 

  •  Control environment assistance 

  •  Documentation support 

  •  Design and execution of solutions 

  •  Quality assurance and review activities. 


The need for IT security is ever present. Business partners and customers want to know if the organisation have done enough to protect its information assets. IT security services provided by our IT security team helps identify the state of information security within the organisation.

Our professionals use a proven life-cycle approach to security assessment which provides for a high degree of flexibility from targeted compliance assessment to strategic advice. We work hand-in-hand with your executives, business owners and IT professionals to assess your current security posture, create a risk profile, and provide recommendations that immediately decrease both security and compliance risk for your organisation.

With the assistance of highly skilled and professional consultants, our IT security services enable the organisation to:

  • Stay updated with global information risk situation and security practices 

  • Maximise returns on security investment 

  • Reduce the risk of inadvertent data loss 

  • Build strong, secure systems 

  • Improve risk management and threat response 

  • Tighten controls over the dissemination of internal data. 

Our professionals conduct technical analysis with expert, hands-on testing. We analyse the test results to remove false positives, focus follow-on testing, and categorise and prioritise technical findings. We also analyse information collected from the interviews to develop an understanding of how things get done in an organisation, specifically its maturity, formality and culture.

Our services:

  • Security Policy Consulting
    Develop policies and procedures based on the organisation’s business and information security needs that are derived from international best practices and standards

  • Security Risk Assessment
    Assess and evaluate enterprise-wide risks using the recognised RIIOT technique

  • Application Security Audit
    Perform an in-depth examination of the internal configurations and potential security holes within a database and application

  • Source Code Security Review
    Investigate the source code of an application to uncover security vulnerabilities, best practices violations, security design issues. We will review software source code to check for Trojan Horses, time and logic bombs, and back door, as well as software flaws such as inadequate bounds-definition and software race conditions that could allow the software to be exploited

  • Vulnerability Assessments and Penetration Testing
    Provide vulnerability assessments which maps out the network architecture to identify areas of weaknesses and assess likelihood of attacks. In addition to conducting vulnerability assessments, more rigorous penetration tests can be used to confirm whether identified vulnerabilities are exploitable. 


  • PCI

  • MAS

  • PDPA

Kon Yin Tong (No Background).png

Senior Partner


Kon Yin Tong (No Background).png

Partner (Technology Advisory)


bottom of page