Log In

Simplicity + Certainty = Confidence
monitor screenshots
Secure

Secure

Your information is securely held, communications are safely encrypted. Our fully encrypted backups occur often and regularly. Flexible and secure user password security.

Fast

Fast

Fast interfaces, user experience and reporting through the latest database design and web technology. User management tools aide efficient processes

Simple

Simple

Uncluttered user interfaces, multiple browser tab access, effortless data links. Our user-friendly and easy to learn user interface means no steep learning curve. Logical data entry flow with what you expect where you expect.

Customisable

Customisable

You select the modules you use and customise to your needs. You control your reports' content, you tailor your installation to suit your businesses needs

Standardised

Standardised

We support the global standards on Risk Management (ISO 31000) and Compliance (ISO 19600) and APRA SSP 220

Centralised

Centralised

One stop for all of your risk and compliance office needs. View completed and incomplete controls. Retain all your controls and records in the one accessable data base

How it Works

Feature diagram

CRS Certus becomes your record of your risks, risk profile, risk mitigators, obligations, responsible managers and staff, policies and procedures. It holds your proof of control execution. It facilitates recording and managing issues, incidents and complaints. CRS Certus can be interrogated to deliver reports on all data it holds in a format your audience needs.

Risks

Full risk management system. Customisable risk register. Multiple entity ratings support. Links to mitigating controls and issues register. Risk appetites tied to strategic objectives. Risk tolerance triggers and questionnaire system.

Obligations

Record obligations. Link to legislative or regulatory sources. Reconcile obligations with business controls

Controls

Document business controls. Link to risks and obligations. Assign responsibilities to managers. Automatically generate controls self-assessment questionnaires. Managers alerted when questionnaires are ready, complete within CRS Certus

Assessments

Controls response assessment navigation. Record testing results. Full audit records of resolution and further action. Directly load adverse responses into Issues Register.

Incidents

Capture incidents originating from within CRS Certus and reported by your business. Customise incident categories. Workflow management. Assign activities. Capture reportability assessment, related documents and developments.

Complaints

Customise complaint categories. Seamless flag as incidents, breaches or risk mitigation controls failures.

Registers

Breach register with regulator reporting assessments. Personal dealing approvals and register, gifts & benefits, training, conflicts of interest, relatedy party, legal documents, administrative documents, publications, office holder registers amongst others.

Alerts

Email alerts issued out of the system directed to your defined positions. Customisable email content and triggers. Email service log validates that communications are sent.

Policies & Procedures

Policies and procedures library. Alert users to new content to review within CRS Certus. Capture user confirms of access and understanding of policies and procedures. The library becomes your single point of truth.

Reporting

Flexible reporting to PDF and XLS(X). Customisable report content, period and presentation, tailored and relevant for the audience. Reports returned immediately. Aides regulatory enquiry, annual audit, demonstrates the control you have over your business

Consultancy and Outsourced Management

In addition to providing CRS-Certus as a software service, we provide consulting and outsourced management services. These services are available separately from CRS-Certus.

We can help to:

  • Operationalise your risk and compliance management system.
  • Workshop your risks.
  • Build Controls.
  • Document your regulatory obligations.
  • Implement incident/complaints reporting.
  • Document your policies & Procedures

Compliance & Risk Services Pty Ltd has been providing risk and compliance management solutions for businesses for over 10 years.

Our speciality in financial expertise

We have particular experience with financial Australian financial institutions such as Australian Financial Services Licensee, APRA regulated entities, Australian Credit licensees and AUSTRAC reporting entities.

  • Australian Financial Services ('AFS') Licence applications and licence variations
  • RSE licence applications
  • AFS Licence compliance reviews
  • Managed investment scheme registrations
  • Draft compliance plans
  • Draft Product Disclosure Statements ('PDS')
  • PDS due diligence
  • MDA contracts
  • Provide outsourced compliance management
  • Anti-money laundering & counter terrorism financing ('AML/CTF') programs
  • Independent reviews of AML/CTF programs
  • External Compliance Committee members
  • Temporary compliance staff placements
  • Risk management frameworks
  • Local agent for foreign licensees
  • Technical and product advisory services
  • Responsible manager training

Our values and ideals

Experience

We are experienced risk and compliance management practitioners experienced in developing and operating risk and compliance management systems.
CRS-Certus is developed through our experience as risk and compliance management practitioners.

In-house programming team

Our programming team is retained in-house. We believe that the partnership of practitioner and programmer provides a strength that few competitors may match.

Secure IT architecture and backups

Our system uses contemporary database design, programming languages, and hardware. We have implemented a constant backup regime using offsite encrypted storage.

Trust

We have provided services to over 200 clients over the globe. We have acted as topic experts under ASIC enforceable undertakings, engaged as experts in litigation and ASX disciplinary reviews.

Articles

BDO Australia - Navigating the regulatory landscape - ASIC's cyber security mandates for board
By Christina Barlow at 23/04/2024
Lessons Learnt from the Lanterne case
By Christina Barlow at 18/04/2024
New parliamentary inquiry into the wholesale investor and wholesale client tests
By Gerald O'Byrne at 26/03/2024
Rollover of Class Orders relating to Managed Investment Schemes
By Terry Dalziel at 31/01/2024
AUSTRAC Compliance Report ✅
By Hannah Deuk at 16/01/2024
Understanding ASIC's Focus in 2024 and Enforcement Priority!
By Hannah Deuk at 29/11/2023
Money Laundering Maze: Dodging AML/CTF Programs with Style 😉
By Hannah Deuk at 01/11/2023
ASIC releases second publication on insights from the reportable situations regime
By Vicki Guo at 01/11/2023
Review of the regulatory framework for managed investment schemes
By Gerald O'Byrne at 08/08/2023
ASIC invites Australian entities to assess their cyber resilience
By Vicki Guo at 20/06/2023
BDO Australia - Navigating the regulatory landscape - ASIC's cyber security mandates for board

Navigating the regulatory landscape - ASIC’s cyber security mandates for boards

(BDO Update - https://www.bdo.com.au/en-au/insights/cyber-security/navigating-the-regulatory-landscape-asic-s-cyber-security-mandates-for-boards) 

In today’s digital era, where cybercrimes and data breaches are an ever-present risk, organisations must adapt to ensure robust cyber security measures.

As cyber criminals grow increasingly sophisticated, the Australian Securities and Investments Commission (ASIC) has intensified its scrutiny of organisations, urging boards to fortify their defences against cyber threats or face regulatory consequences.

Recent statements by ASIC Chairman Joe Longo signalled a crackdown on organisations lacking adequate cyber security preparedness, following the results of ASIC’s 2023 pulse survey, which highlighted significant gaps in corporate Australia’s cyber security.

Understanding the risks

As businesses navigate the complex cyber security landscape, it is crucial they grasp the multifaceted nature of cyber threats. Recent incidents, such as the credential stuffing incident that engulfed popular Australian online retailer The Iconic, are a stark reminder of the insidious nature of cyber threats, even in circumstances where the organisation did not suffer a data breach.

As part of BDO’s latest Scams Culture Report, we highlighted the low cost of obtaining cyber criminals' assistance to hack an organisation’s LinkedIn company profile—as low as AUD $17 on the dark web. Incidents such as these underscore the need for organisations to fortify their defences against such nefarious activities.

Third-party risks are also often overlooked and pose a significant threat, as evidenced by the growing trend of cyber criminals targeting supply chains and business partnerships. Boards must recognise the constantly evolving threat landscape and take proactive measures to mitigate risks effectively.

Whilst much attention is devoted to internal IT security, overlooking risks posed by third-party suppliers or business partners can be catastrophic for organisations. To effectively manage these risks, organisations must conduct comprehensive risk assessments and integrate third-party risk management into their overall cyber resilience strategy, ensuring a holistic approach to cyber security encompassing every link in their supply chain.

Protecting your environment

In the digital age, adopting comprehensive protection strategies is pivotal for enhancing cyber resilience and safeguarding against the evolving landscape of cyber threats. Organisations must critically assess their need to store sensitive data, like credit card information, and only retain it when absolutely necessary while applying robust security measures for any data kept.

Implementing multi-factor authentication significantly enhances security, adding an essential layer of protection beyond just passwords. Regularly updating systems with the latest security patches is crucial to defend against new vulnerabilities. Additionally, ensuring every team member is prepared and informed and equipping staff with comprehensive awareness training on cyber security practices is vital to fortify the organisation's defence against cyber threats.

Incident Response Planning

Managing the impact of cyber risk is equally as important as implementing protection strategies, highlighting the need for organisations to have comprehensive incident response plans. The increasing frequency and sophistication of cyber-attacks underscore the critical need for well-defined plans that offer clear procedural guidance for addressing and responding to incidents at both technical and non-technical levels.

These plans should include guidance and instructions for communicating effectively with staff and customers during a cyber incident, ensuring transparency and maintaining trust. Educating teams on their roles within the incident response framework and conducting regular drills to follow the plan in simulated scenarios are essential to prepare for real-world breaches.

Additionally, rehearsing the incident response plan through regular testing is crucial for assessing its effectiveness and making necessary adjustments. This approach helps manage the immediate fallout from cyber incidents and strengthens an organisation's resilience against future threats.

What do Directors and Boards need to know?

Cyber resilience has emerged as the cornerstone of organisational preparedness, encompassing the capacity to anticipate, respond to, and recover from cyber incidents. Despite this, many businesses still need to pay more attention to the broader risk landscape encompassing processes and personnel when considering security requirements.

ASIC expects directors to ensure their organisation’s risk management framework adequately addresses cyber security risk and that controls are implemented to protect critical assets and enhance cyber resilience. They warn that failure to do so could cause directors to fall foul of their regulatory obligations.

Boards and Directors are pivotal in steering their organisations towards cyber resilience. They must spearhead efforts to implement and continually evaluate robust cyber security controls, educate employees on best practices, and develop incident response protocols. Collaboration with external cyber security specialists can alleviate the burden, offering expertise and insights to enhance cyber resilience.

To meet ASIC's cyber security expectations, the entire executive team needs to be cyber-aware. Boards must grasp regulatory requirements, implement adequate controls, and continually reassess their cyber security posture. Organisations must strive to enhance their cyber security maturity within recognised frameworks through internal initiatives and external partnerships.

ASIC emphasises the imperative of resilience, stressing the need for proactive measures and regular testing to mitigate cyber risks effectively. An effective cyber security strategy aligned with governance and risk frameworks ensures that organisations can confidently navigate the evolving cyber threat landscape.

As businesses confront the ever-changing cyber threat landscape, prioritising cyber resilience is paramount. By embracing ASIC's cyber security mandates and fostering a culture of vigilance, boards can safeguard their organisations against cyber threats and future-proof their operations.

Contact Us

Feel free to drop us a message if you have any questions or requests.

Or give us a call at

P: 03 9663 4456

and post us at

P.O. Box 18009
Collins Street East
Melbourne, VIC 8003

We're located at

Suite 2, Level 47, 80 Collins Street (North Tower)
Melbourne, VIC, 3000

Privacy Policy