Gwerth Consulting
Build Scale & Efficiency and Manage Risks, At Lower Cost
Gwerth Consulting LLP is a business consulting firm that specializes in helping organizations scale up their operations, drive efficiency, effectively manage risks, and create and capture incremental value. Our goal is to provide expert guidance and support to businesses looking to maximize their potential and achieve long-term success. Whether you're a small startup or a medium-scale enterprise, we have the knowledge and expertise to help you navigate complex challenges and drive sustainable growth. Contact us today to learn more about how we can help your business thrive.
Why Gwerth Consulting
Our operating model is designed with a single-minded focus on the following objective:To enable you to leverage our capabilities to build scale, drive efficiencies, reduce operating costs, effectively manage risks and capture significant value.A few characteristics of our operational strategy are:
Process-driven, rather than people-driven activities
We have set up our internal processes so that each activity is pre-defined and documented.Leverage automation, to the extent feasible and cost-effective
We use various tools and automated workflows to automate tasks assigned by clients to our teams, such as task management, time tracking & recording, and ticketing tools. Clients have access to dashboards and reports to monitor the status & progress of their work and evaluate our team’s performance in completing tasks.Fit for purpose talent
We hire talent specifically sourced to meet the skill needs of client projects, from undergraduates to experienced professionals.Flexibility to scale up and scale down
Our operating model offers tremendous flexibility and adapts to our clients’ changing requirements, with minimal impact on their operations. We procure resources in a pay-per-use model, allowing clients to provision and de-provision resources to scale their operations up or down in line with work needs. (For offshoring services).Low-cost delivery
We provide low-cost resources capable of effectively achieving their objectives.
About
Jaykumar (Jay) is the Founder of Gwerth Consulting LLP, with over three decades of experience in professional services. He started his career as a Public Accountant in Mumbai, India, providing financial statement audits, internal audits, and advisory services.In 2007, he joined Deloitte, a global consulting firm, and led their Third-Party Assurance practice in west India, engaging with large enterprise clients in technology, outsourcing, banking, financial services & insurance (BFSI) sectors. With his deep technical skills in business processes, information technology, and knowledge of professional standards, he gained insights into risks, challenges, and opportunities for clients in both large and small business segments.Jay founded Gwerth in June 2022, intending to leverage his expertise in assisting clients to manage their business operations and risks efficiently and effectively while implementing leading corporate governance and risk management practices.
Services
Offshoring & outsourcing servicesOur offshoring & outsourcing services are primarily targeted at professional services firms such as Certified Public Accountants (CPAs), Chartered Accountants (CA), and firms that provide business & management consulting.India is an established destination for offshoring, owing to its large pool of undergraduates & postgraduates fluent in the English language, effective information technology & communications infrastructure, and low costs that offer benefits of scale and cost savings for your organization. This makes it an attractive option for businesses seeking to create and capture value.Advisory & Managed ServicesWe offer the following services to small and medium-scale businesses:
> Internal control evaluations
> Third Party Assurance
> Vendor assessment questionnaires
> Organizational policies & procedures
> Risk management program
> Security & compliance automation
> Managed services
Offshoring & outsourcing services
Offshoring
Augment your onsite team with an offshore team dedicated exclusively to your work. You will have complete control over hiring the right candidates who are fit for your work, decide on their work timings & days, and directly supervise their work. All this comes at a reasonable cost, without being responsible for complying with local labor & tax laws or maintaining an offshore establishment.You can start with just one team member and expand the team over time, based on your needs. We also support your need to hire offshore team members temporarily for a few months, to help you meet your peak workload.Your offshore team members will typically be undergraduates (with education in accounting, auditing, law, and other subjects), seeking appropriate work experience, or a job to fund their further post-graduate studies. They are young, bright, energetic, and fluent in English, seeking decent pay by Indian compensation standards. We aim to offer excellent work opportunities to such job seekers and foresee no challenges in sourcing the right talent for your work.With the offshoring model, you will have the ability to supervise the team’s work directly.What work will you offshore?
As a professional services firm, you may have multiple client engagements, each of which can be considered a project. Within these projects, there are often routine, well-defined, and repetitive tasks that can be easily delegated to your offshore team. Additionally, tasks related to your internal office administration can also be offshored.
Outsourcing
Outsourcing and offshoring are two distinct approaches with different levels of engagement. With outsourcing, you delegate specific jobs to our team, while with offshoring, you engage a dedicated team full-time for your work.We recommend outsourcing relatively complex work to an experienced team, to enhance your onshore team’s productivity and deliver high-quality work to your clients. Our team has the necessary skills, experience, and domain knowledge to assist you with tasks such as financial statement audits, internal audits, tests of controls, third-party risk assessments, and third-party attestations (SOC1, SOC2).What work will you outsource?
When it comes to outsourcing, it's best to focus on work that requires specialized domain knowledge. For example, you can outsource financial statement audits, internal audits, Sarbanes-Oxley (SOX) attestations, SOX management testing, System and Organization Control (SOC) assessments, and Third-Party Risk Assessments. By outsourcing these complex tasks to an experienced team, you can enhance your onshore team's productivity while ensuring quality work for your clients.
Assurance advisory services
We offer services to assist with your assurance requirements, including:Internal control evaluations
We evaluate the effectiveness of internal controls implemented by your organization to comply with your internal risk management practices, your organizational policies & procedures, and meet requirements of standards such as ISO27001, PCI-DSS, NIST, or CSA, and regulations such as HIPAA or GDPR.Third Party Assurance
We assist in evaluating your organization’s readiness to undertake assessments under standards such as SSAE18 (SOC1, SOC2, SOC2+, or SOC3), or ISAE 3402/3000, to meet your contractual commitments to your customers. We also enhance your understanding of reporting options and opportunities available to differentiate in the market, helping you decide on the most optimal solution. We support your teams in coordinating with external auditors for their requirements during assessments & reporting.Vendor assessment questionnaires
We assist you in completing and responding to vendor assessment questionnaires required to be submitted to your customers.Organizational policies and procedures
We review your existing policies & procedures and recommend updates to align with leading industry practices. We also help with developing policies & procedures as per your needs and assist with periodic updates.Risk management program
We assist you in conducting risk assessments, adopting risk treatment plans, designing effective controls, and periodic updates to your risk framework.
Security and Compliance Automation
Over the past few years, governments and regulators have intensified their compliance expectations, despite attempts to reduce the quantum of regulations. Non-compliance is not an option, as it can result in monetary fines, license suspensions, sanctions, and even the closure of businesses. Furthermore. contractual commitments to customers add to your compliance burden.Implementing a security & compliance tool and automating compliance-related activities can enhance your ability to deal with regulatory complexities. There are several tools available in the market, ranging from online SaaS deployments to dedicated on-premises instances.We have formed alliances with two providers of security and compliance automation tools, and we work with them to assist you in implementing and maintaining these tools.How does automating security & compliance help?
An effective compliance tool should include a repository of requirements from leading standards and regulations that are relevant to your business. The tool should also allow you to add custom requirements that may apply uniquely to your industry or customer contracts.The best compliance tools automate the monitoring of your operating environment and provide standard & custom dashboards for real-time reporting of your organization’s compliance status. With alerts and workflows built on integrations with your existing software, your team can take proactive actions to maintain compliance in a timely manner.We can assist you in conversations with the compliance tool provider, ensuring that the tool is fit for purpose and helping with the implementation phase. We also work with your team for ongoing monitoring of your operations to ensure that continuous compliance is maintained.Refer to the section on Partners for more information on two leading Security & Compliance automation tools.
Managed services
Security & compliance are critical aspects for an organization’s senior leadership, but they require significant attention and effort to manage the processes, tools, and ongoing activities effectively. As part of our services portfolio, we offer managed services to facilitate the continuous operation of your security and compliance activities, you to focus on your core business areas such as strategy, marketing, sales, customer relationships, operations, and finances.We would assign a Security and Compliance Coordinator (SCC) to monitor your security & compliance-related processes and regularly interact with your teams to ensure continuous compliance. The SCC's activities would include:
> Monitoring day-to-day compliance activities
> Monitoring the performance of the implemented tool
> Communicating updates on applicable standards & regulations
> Facilitating changes to your compliance database, processes, and controls
> Develop an activities calendar, monitoring the status of activities with due dates, such as quarterly review of active system users, annual training completion, etc.,
> Sending reminders to your team members
> Checking the accuracy & completeness of dashboards available in the tool, or preparing periodic reports for your organization’s senior leadership
> Ensuring that information and artifacts needed to demonstrate your security and compliance practices are available and retained, and
> Assisting your team in coordinating with external auditors to provide information and artifacts for assessments under several standards & regulations.
Resources
CapabilitiesWork facilities
We have begun operations in Mumbai – India’s commercial capital. Currently, we have provisioned workspace with a leading provider of co-working spaces that has multiple centers across Mumbai and other major cities in India. We can scale up the number of seats at these centers, as soon as we onboard additional team members to serve our clients.These business centers are state-of-the-art, offering 24-hour operations, adequate power backup, fast internet connectivity, meeting rooms, communication facilities, cafeterias, and more.As we scale up our operations, we plan to provision scalable workspace options across several centers in Mumbai, allowing our team members to access a center nearest to their residence, minimizing their commute time.Information Technology
We aim to optimize cost and performance while selecting IT hardware and software.If you have already set up a server or have provisioned cloud services, you can enable our team’s access to your IT environment and enable them to work within your domain. You need to procure appropriate licenses for applications or tools to be used by our team in carrying out their work. Alternatively, our team will use our Microsoft 365 subscription and work using SharePoint or OneDrive to complete your work and store documents & data.In either case, appropriate measures are in place to ensure the security of our systems and the confidentiality of your data. We use Microsoft Outlook for emails. and MS Teams for business is our primary tool for meetings, calls, and instant messages.System security & Data Confidentiality
We understand that maintaining the confidentiality of your information and ensuring appropriate control of our team's access to your systems is of utmost importance to you. That is why we have designed our processes and information technology infrastructure with this in mind. We want to assure you that your concerns are sufficiently addressed through key controls summarized below:
> Our team uses Microsoft 365 with Multi-Factor Authentication (MFA) enabled, which adds an extra layer of security to our authentication process.
> All your information and documents will be securely stored either in your domain or in your cloud servers. Our team will work online to access and perform their work in your domain, using authentication mechanisms provisioned by you. This ensures that we do not store or transfer any of your data outside of your control.
> Local storage access on removable media is disabled by default on our laptops, which ensures that your information stays confidential and is not accidentally copied.
> We will ensure that access to your information will be restricted only to the team members working for you. This means that your data is only accessible to those who need it to perform their work and not to anyone else.
> Each team member joining our firm will sign a confidentiality declaration, formally agreeing to abide by the information confidentiality requirements. This ensures that they understand the importance of confidentiality and the consequences of breaching it.
> We communicate our security and confidentiality commitments, as well as the team's responsibilities, during the induction program for each new joiner. We also reiterate these commitments through regular communications to ensure that everyone stays vigilant and up-to-date with our security practices.
Team
For offshore services, staff will be identified, shortlisted, and hired specifically to suit your requirements. We have identified leading job sites and recruiting agents to aid in the hiring process. We have also identified agencies that provide staff on contract for a year or a few months, to meet your temporary work demands.Standard job descriptions have been drafted, and you have the opportunity to customize them to suit your specific talent needs. We will hire candidates who are fluent in English.We plan to hire and set up operations for teams across major Indian cities to source talent close to where it is available and to minimize staff travel and relocation.Experienced candidates undergo a thorough background check covering their education and work experience.Referral ProgramWe offer a referral program that rewards our clients and contacts for introducing us to potential business opportunities. By referring a contact to us, you not only help them benefit from our services but also earn an incentive for yourself, should the referral convert into a contract.How it works?
If you come across an organization in your network that may require our services, please confirm the requirement with your contact at that organization and share their details with us.Our team will reach out to the referred contact, submit a business proposal, and negotiate a contract. We will keep you updated throughout the process.Once the contract is executed, we will share a referral fee with you, as per the agreed payment schedule.Please reach out to us at sales@gwerthconsulting.com to learn more about our referral program and how to refer a contact to us.PartnersWe are referral partners for the following security & compliance automation tools.Scrut Automation
Scrut Automation's advanced risk-monitoring and compliance automation platform equips their customers to achieve a faster, hassle-free path to information security. The platform is capable of integrating with customer's cloud infrastructure and application landscape, performing gap assessment of compliance status and requirements, monitoring over 150 automated cloud-risk controls, assisting with automated application and software component risk assessments, tackling vendor and asset risk management, creating and enabling approval workflows, and building policies – all through a single window for a seamless experience. Build a robust information security posture based on your risk profile, and get compliant across 20+ major standards – including ISO 27001, SOC 2, GDPR, NIST, CCPA, HIPAA, PCI DSS and more.Scrut Automation believes that information security should serve as an accelerator—not an inhibitor—for business, development, growth, and innovation.Second tool
Coming soon