Moore Stephens Insight Limited

Eye2Scan Audit Software (for SAP, CODA, and Movex)

Eye2Scan connects with SAP, CODA and Movex to generate audit reports based upon automatic testing. Internal control work program is integrated in Eye2Scan, providing an out-of-the-box, simple, customisable, quantitative audit experience. Audit analytics are made simple and daily quantitative controlling activities become possible. Technical knowledge is not required.

Features

• An automated simple and easy to use solution.
• Requires no IT technical or specific ERP (e.g. SAP) knowledge.
• Email alert System available.
• Software is regularly updated in line with regulatory changes.
• Controls can be customised.
• Efficient controls with 100% data coverage
• More and more tests are being developed.
• Includes workflow to follow up corrective actions.
• Tests include transactions, parameters, licenses, password updates, user connections.
• Comes with output reports, dashboards and detailed data extracts.

Benefits

• Remote audit controls.
• Continuous control monitoring.
• Facilitates and expedites preparations for both internal and external audits.
• Proven for risk management and fraud detection.
• Immediate results.
• No additional workload for local IT department or technical training.
• 100% data coverage.
• Massively reduces time to detect system issues and frauds.
• Can make verification checking routine.
• Once running, it will upgrade alongside core system.

£25,000 to £105,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@moore-insight.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

848938352657296

Contact

Antonia Martin
020 7952 4690
info@moore-insight.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Interface with GRC software.
• Cloud deployment model: Private cloud
• Service constraints: Full functionalities and tests are provided out-of-the-box for SAP (ECC6 and S4HANA). A subset of tests and functionalities are provided out-of-the-box for Info4-CODA and for Infor M3 (Movex) systems. Interface with other ERP (Oracle / Dynamics, etc.) possible.
• System requirements:
  • Eye2Scan can be operated as a standalone product.
  • Outputs from source systems need to be provided.
  • Target systems need to be able to accept imports.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our team are available to answer your questions and support you where required. We provide email support as necessary throughout the course of projects and aim to respond to questions as quickly as possible.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We will work with your team throughout the project and be available to answer questions or support you where required. We will assist in defining the support / service levels required for your instance of Eye2scan. We also provide a range of support for training depending upon your needs (as outlined above).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Eye2Scan is configured to see the system (SAP, CODA or Movex) database. When it is linked to the client system it can report from the database. We help by initially running some basic enquiries to prove the linkage and then we'll show users how to operate the system to run full audit extracts and reports.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Your transactional data will be provided in export files in the appropriate format as required so will not need to be extracted from the system. All data such as this in the application can be extracted in .csv format.
• End-of-contract process: At the end of the contract access to the service will cease and data can be provided as required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is accessed via a responsive interface. No major differences between desktop and mobile service.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Each instance of Eye2Scan is hosted on a separate virtual machine on the relevant cloud environment. The cloud environment can be scaled appropriately to meet service demands.

Analytics

• Service usage metrics: Yes
• Metrics types: Logs Eye2Scan usage and actions. An audit trial is created if required, in order to automatically document tests and audit findings.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Eye2Scan

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Eye2Scan is generally hosted on Microsoft Azure so security is in-built through the platform. Microsoft leads the industry in establishing clear security and privacy requirements and then consistently meeting these. Azure meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, including UK G-Cloud and Australia IRAP. Rigorous third-party audits, such as those done by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate.; ; Data penetration testing can be arranged as required.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Transactional data as part of a migration or interface is exported according to logical rule-sets configured in the system. It can be exported in a wide-range of formats as required by the target system. Configuration data can be exported in .csv format for future reference.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
  • JPEG
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: The server is hosted on premise. No connection is necessary between the buyer's network and our network.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Eye2Scan can be installed, hosted and configured to meet client requirements and security will be part of the initial scoping discussions to ensure your data is always secure.

Availability and resilience

• Guaranteed availability: SLA's are dependent on client requirements, but are typically 99+%.
• Approach to resilience: Use of Microsoft Azure provides an in-built resilience along with individual hosting environments.
• Outage reporting: We report outages to named individuals via email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Users can be assigned varying levels of access and authority dependent on the roles they undertake.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security governance based upon ISO/IEC 27001 standard.
• Information security policies and processes: We have information security and data protection policies which are available on request. Reporting of any security / protection concerns is via our Data Protection Officer.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A detailed Functional Specification is agreed during the scoping and design stages of the work. The will include full details of all configuration parameters. Any required changes go through a structured change control process including review by relevant stakeholders. When approved they are updated in the relevant documentation, implemented in a test environment and comprehensively tested before being migrated into the live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The Microsoft Azure platform has built-in vulnerability checking and provides reports which are reviewed and acted upon as appropriate.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The Microsoft Azure platform has built-in compromise checking and provides reports which are reviewed and acted upon as appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: Eye2Scan Solutions has structured incident management processes which are followed for all services. Users report incidents via their dedicated contact which then initiates the process. Incident reports can be provided on request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We will take a proactive, ‘one-team’ approach to minimising negative environmental impacts. This will begin via a structured collaboration programme, providing a channel for sustained engagement. At solution design workshops, we will jointly identify environmental objectives, opportunities for additional environmental benefits, and agree Social Value commitments. This will include creating a Risk Assumption Issue Dependency log, which will capture environmental risks/mitigations.; Reducing negative environmental impact also forms part of our own commitment to achieve Net Zero emissions by 2050, via our Carbon Reduction Plan and ISO 26000-aligned Corporate Sustainability objectives. They comprise measures that we implement across all operations:; • Implementing an Environmental Management System; • Energy conservation: Using low energy lightbulbs; renewable energy sources ; • Waste reduction: Recycling campaign (e.g. cartridges/batteries & via charities); digital resources; double-sided printing; avoiding single-use plastics (MI was recently appointed ‘Plastic Free Champion’ by Sheffield Action).; • Reducing emissions: Virtual meetings; encouraging public transport; Cycle to Work Scheme; Employee Electric Car Purchasing Scheme; Hybrid Working Policy (reducing office footprint by 66%).; • Reducing resource consumption: Procuring recycled products; purchasing locally; ecological cleaning products.; Education & training includes:; • Induction, with training on our Environmental Policy & Management System; • Environmental schemes, e.g. becoming ‘Plastic-free Champions’ ; • Workplace marketing/comms, driving behavioural change (e.g. recycling); • Travel campaign, requiring reporting on commuting and awareness of fuel/vehicle type.; Our Quality & Operations Manager is currently engaging with the Carbon Literacy Project to create a Carbon Literacy training programme, anticipated to be implemented in 2025.

  Tackling economic inequality

  Moore Insight are committed to supporting employees to upskill and climb the wage ladder through providing the best possible working environment and opportunities. Having been in business for almost 30 years, means that we know the importance of actively showing our staff how much they are valued for a productive and efficient team that translates into a high level of service for our clients. Therefore, we proudly maintain our Living Wage accreditation as well as being recognised by Great Place to Work as one of the UK’s Best Workplaces for Women 2023, one of the UK’s Best Workplaces in Consulting and Professional Services, and a Great Place to Work. ; With the help of the Living Wage accreditation, we will continue to recruit some of the most highly skilled consultants and employees for our business throughout any contract. We also commit to continuing to provide purposeful training and personal development courses to upskill our current employees.; Additionally, all staff receive two paid volunteering days per year to contribute to local/charity-based projects, facilitated by our employee volunteering software, Matchable. This enables staff to sign up to projects, segmented by skillset/geography, as well as assigning a monetary value to time/resource contributed for accurate measurement of impact, ensuring we are having a positive impact on the local community/economy.; As part of this contract, we would be offering our knowledge and expertise to local areas. At Moore Insight, each employee has two volunteering days a year to support the wider community. We currently use an online volunteering forum, Matchable, that allows you to focus on the locality of your volunteering as well as to specific skills and passions. The specific projects available allow employees to apply their skillset/experience to make a real impact.

  Equal opportunity

  We recognise Inclusion as a key theme and Moore Insight will commit to maintain the responsibilities set out in our Equality, Diversity and Inclusion policy throughout the duration of this contract. ; Moore Insight greatly values the individual contributions of all employees and recognises the value of diversity throughout the organisation. We have several key commitments within our policy that we will ensure to be maintained as part of any contract: ; • Ensuring terms and conditions of employment do not prevent disabled people from taking up new positions. ; • Train, develop, reward and promote on the basis of merit and ability; • New employees are asked to complete an equal opportunity monitoring form, ensuring we are able to monitor the breakdown of the workforce regarding information such as gender, age, ethnicity, disability etc.

  Wellbeing

  At Moore Insight, health and wellbeing is a key consideration throughout the organisation. Ways in which we establish this are below: ; We offer a Wellbeing Hour every month to every staff member. As part of Mental Health Awareness week in 2022 Moore Insight implemented the chance for employees to have an additional 60-minute break once a month to pursue activities that support their well-being. This is still in place as a standard benefit for all employees and most often includes extended lunch breaks, personal care, or classes relating to a hobby. This ultimately has reduced overall stress throughout the organisation, given staff more time to do something to be mindful, and care for their mental health. We would be happy to provide buyers with more details on this for you to implement within your organisations. ; Throughout any contract we will promote remote/flexible working. We allow up to 2 days a week working from home, not only does this reduce our overall carbon emissions, but also encourages a flexible working environment, enabling staff to fit their personal life around their work life.

Pricing

• Price: £25,000 to £105,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@moore-insight.com. Tell them what format you need. It will help if you say what assistive technology you use.