Press and latest news

 

Your guide to an official re-examination

The follow-up is one of the most important building blocks of the audit process. It is even a minimum requirement for passing a quality assessment, because only a follow-up can ensure that weak points have been eliminated, that controls are working effectively again or that new controls have been set up. But as an auditor, how do you keep track of which deficiencies are still being worked on and which have already been corrected? When is the implementation of measures checked on site, and when is a desk check of documents sufficient? What happens if the recommendations are not implemented? How does the controlling of the follow-up work? We worked out concrete answers to these questions in the seminar.

 

The seminar will be led by Mr. Sami Abbas from TASCO Revision und Beratung GmbH.

Date: 13.06.2022

Location: Düsseldorf & Live-Stream 

 

Seminar schedule

 

Follow-up: A fundamental part of the audit process

  • Purpose and objectives of a follow-up
  • International Professional Practices Framework (IPPF) - practical advice
  • The Audit Report

 

Carrying out the follow-up

  • Follow-up Types
  • Follow-up planning
  • Preparation and Announcement
  • Carrying out the inspection
  • Documentation of evidence

 

Results of follow-up and reporting

  • Result types per finding
  • Decision criteria for assessing the elimination of defects
  • Reporting on the overall result
  • Deficiencies that have not been remedied – can one agree, must one agree?

 

Resubmission of the review

  • Reasons for a second review
  • Completion of the second review
  • Completion of the entire Audit

 

Management and control of the findings

  • What information does internal audit require?
  • How is the status of the findings tracked?

 

Handling of follow-up results

  • Evaluation of the elimination of defects for each department
  • Lessons learned

 

 


Facility management covers the entire life cycle of a property and the associated outdoor facilities, from production to use to demolition. Deficiencies in facility management have a clearly negative effect on the investment costs, but above all on the subsequent usage and operating costs. They can quickly reach ten times the value of the investment. Therefore, an intensive and well-founded examination of facility management is of great importance.

The internal audit must have the appropriate facility management know-how and professionally examine the entire process chain of building management.

 

Goal of the seminar:

You will receive process and risk-oriented auditing approaches and methods to identify, analyze and eliminate risks.

The seminar will be led by Mr. Benjamin Bender from TASCO Revision und Beratung GmbH.

 

Dates:

Hamburg: 24 October – 25 October 2022

Both events will also be broadcast via livestream.

 

Seminar schedule:

The importance of Facility Management

  • Delimitation and determination of content of facility management
  • Conception, planning and implementation of the audit of facility management
  • Relevant legal requirements
  • Recording of the existing framework conditions (e.g. database/data basis, responsibilities, performance parameters, monitoring, reporting) 

 

Examination of the technical building management

  • Inventory documentation and inventory management
  • Building automation (e.g. central control technology, facade control, air conditioning systems)
  • Ongoing technical operation (commissioning, disruptions, inspection, maintenance, repairs)
  • Energy management and water/sewage
  • Other technical services
  • Compliance with legal requirements 

 

Examination of infrastructural building management (in the service sector)

  • Needs assessment and bills of quantities
  • Solicitation of offers and invitation to tender
  • Negotiations and contract award
  • Contracts
  • Price and material lists
  • Price increase requests
  • Performance monitoring
  • Relevant services: cleaning services, security services, outdoor facilities services, canteen, move management, waste disposal, office services, transport services 

 

Examination of the commercial building management

  • Controlling, budget management and forecast
  • (Sub)accounting including debtor and creditor management
  • Procurement processes including invoice verification
  • Contract Management
  • Utility bills
  • Marketing including contract negotiations 

 


 

Cybercrime targets computers, computer networks and even connected devices. In most cases, though not all, criminals aim to make money from their activities.

Cybercrime is carried out by individuals, government-sponsored organizations or criminal organizations. Some of these criminals use advanced technologies and are technically versed. Others are inexperienced hackers.

In most cases, the main goal of cybercrime is profit. Apart from personal or political motives, there are only a few other reasons for committing cybercrime.

 

What types of cybercrimes are there?

Here are some examples of the different types of cybercrime:

  • E-mail and Internet fraud
  • Identity theft (where stolen personal information is misused)
  • Theft of financial or card payment information
  • Theft and subsequent sale of company data
  • Cyber extortion (money is extorted, otherwise an attack occurs)
  • Ransomware attacks (data is encrypted and only released for a fee)
  • Cryptojacking (hackers mine cryptocurrency with resources they don't own)
  • Cyber espionage (hackers access government or corporate data)

 

Cybercrime often falls into two main categories:

  • Criminal activity targeting computers
  • Criminal activities that use computers to commit other crimes.

 

Cybercrime targeting a computer often uses viruses and other types of malware. Cyber criminals can infect computers with viruses and malware to damage devices or stop them from working. They can also use malware to delete or steal data.

 

How do cyber criminals often operate?

Here is a brief explanation of the most common types of attacks that target networks and systems on a daily basis.

 

Identity theft:

This is one of the worst attacks a victim can suffer. The criminals use personal data such as the name, driver's license or Social Security number to commit internet fraud, steal property, misuse goods or use services in the victim's name.

 

Botnets

The word “botnet” derives from the words “bot” and “network” and refers to a large number of remotely controlled computers (bots) that are connected via a network (the Internet).

Botnets are used to spread malicious data and software, to infect other systems, to launch attacks, to steal data, to send spam campaigns, etc.

 

Cyberstalking

Cyberstalking is a form of cyberbullying in which a person attempts to threaten or harass other people using computer systems connected to the Internet. Most cyberstalking cases involve the use of anonymous communication systems such as email, social networks, instant messaging applications, etc.; anything that relies on anonymity to disguise the cyberstalker's identity.

 

Social Engineering

Social engineering is one of the most classic types of cyberattacks that can be launched against individuals or organizations. It involves manipulating people to obtain valuable information that can later be used to illegally log into private protected systems or networks. The main motivation behind social engineering is often to steal money, financial data (such as bank account or credit card information), and other sensitive information from a company or a customer. 

 

Flood Attacks

 

The so-called flood attacks include DoS and DDoS attacks. They are usually launched by botnets that can target your domain names and IP addresses in order to flood them with malicious requests that overload servers, resulting in service outages and connection disruptions for system users.

 

Potentially Unwanted Programs

Potentially Unwanted Programs, also known as PUPs, are software that you never officially requested but that got installed anyway. This type of software usually comes bundled with other software that you have actually consented to download. Common examples of this type of cybercrime are adware, spyware, dialers, and malware.

 

Exploit Kits

Exploit kits are software toolkits used to exploit vulnerabilities in other programs. A common example is exploiting Flash or Java vulnerabilities to compromise a website and then redirecting its traffic, e.g. to malicious sites.

 

Phishing Attacks

Phishing attacks are a form of social engineering used to trick users into revealing their login, password and other sensitive or personal information. Most phishing campaigns are performed by sending massive numbers of spam emails with links to maliciously hacked websites that look like real ones (e.g. financial institutions, banks, etc.). Once users log into these fake websites, their credentials are stored in the attackers' database. The attackers can then use your credit card, bank account or email service.

 

Illegal Content

The Internet is full of illegal content that is forbidden to be distributed. Examples of illegal content include online drug sales and copyrighted material (such as videos, music, books, software, etc.).

 

Online Scams

Cyber scams or online scams involve fraudulent companies offering bogus services, goods or rewards to unknowing victims. Examples of online scams include charity scams, gambling scams, online ticket scams, fake gift cards, car scams and more.

 

How can you protect yourself from cybercrime?

  • Activate your firewall not only on your servers but also on your laptop, which you might use outside of your company network, for example.
  • Always use antivirus and anti-malware programs.
  • Activate the anti-spam blocking function of your e-mail to protect you from spam.
  • Encrypt your local hard drives, e.g. on your laptop, with a tool such as BitLocker so that your data cannot be accessed even if the laptop is stolen. Your smartphone should also only be used with an access code.
  • Always use a VPN (protected network connection) when accessing your company network from outside. This sets up an encrypted connection and protects your data transfer.
  • Buy software or download freeware only from safe and known websites.
  • Always back up your data, for example on an external hard drive, and keep the backups up to date on a regular basis.
  • Encrypt your e-mails when sending sensitive and confidential content.
  • Use different, strong passwords. The BSI specifications are a good starting point. The BSI recommends using a password manager, e.g. KeePass. The password should contain at least eight characters and, in addition to upper- and lower-case letters, numbers and special characters. The longer the password, the more secure it is.
  • Keep your software (operating system versions and security patches) up to date.
  • Use two-factor authentication for your online services and for accessing programs with sensitive data, especially if they can be reached externally via the Internet.

 

An article from:

TASCO Revision und Beratung GmbH

 


 

This year, TASCO was represented with a stand at the 26th Sozialwirtschaftliche Management Tagung, organised by the Institut für angewandtes Management in der Sozial- und Gesundheitswirtschaft.

The event on 21.09.2021, here with us at the MEWA Arena in Mainz, was a complete success, and we thank all visitors.

Further information can be found at the following link: https://www.swmt.org/


 

On 24 November 2021, the Karrieretag took place at the Jahrhunderthalle Frankfurt, and TASCO was there!

This year, TASCO once again took the opportunity to show you a wide range of possibilities for your career at the job fair. We thank you for letting us welcome you to our exhibition area and present our company in person on site.

Whether you are a graduate or student planning your career start, already have professional experience or are changing careers, TASCO's HR managers were on site and informed you about your career opportunities with us.

Throughout the day there were also further free activities, including application photo shoots with photographers and coaching by experienced specialists, as well as talks on the topic of job and career. Admission was also free!

In view of the current situation, hygiene concepts were successfully implemented so that we could get to know each other in a safe environment.