• Image1
  • image2
  • inner1
  • home slide 2

lcs test itgrc

YOU SHOULD REVIEW THE FOLLOWING STATEMENT PRIOR TO SUBMITTING ANY PERSONAL INFORMATION TO THIS WEBSITE. This Website is hosted and operated by The IT Governance and Risk Consulting Pvt.) Ltd, 1/1 Melder Place Nugegoda, Colombo. Sri Lanka (in the following "The ITGRC").

The ITGRC respects the privacy of our customers, partners and suppliers of products or services, clients, and their customers. The purpose of this Privacy Statement is to provide you with information concerning our services, the types of information we are provided by third parties or obtain ourselves through your visits to our Website, how we use that information, whether we disclose the information provided to us to others, and the options you have with regard to the use and correction of that information. Although privacy laws can, from jurisdiction to jurisdiction, directly conflict with each other, our goal in handling personal information provided to us is to comply with applicable data protection and privacy laws worldwide and to offer users of our Website notice, choice, the ability to consent, security, data integrity, access, and enforcement with regard to personal identifiable information(PII). The ITGRC's strives to provide protection for your personal information no matter where that information is collected, transferred, or retained.

Collection of Personal Information


IT Governance and Risk Consulting (ITGRC) was established in 2008 with a key objective of providing high quality IT Governance, risk and Security Consulting and Training services that reliable, cost effective and sustainable solutions for public and private sector Banking and Financial Sector Service organizations. We are based in Colombo and employ 6 people.

Quality is important to our business because we value our customers. We strive to provide our customers with services which meet and even exceed their expectations. We are committed to continuous improvement and have established ISO9001 based Quality Management System which provides a framework for measuring and improving our performance. A cost effective Quality Management System is the means adopted to ensure that quality and business objectives are met and to provide objective evidence to substantiate that goal.

The Company is fully committed to the principles of Quality Assurance, Health & Safety and safeguard of the environment and recognizes the necessity for the involvement of all employees to achieve quality goals. A culture of continuous improvement in all services offered to clients and to all internal operations is communicated and promoted throughout the organization. The Quality Management System Requirements:

  • We gain satisfactory understanding of the requirement for each s assignment that we undertake to ensure that the solution we deliver meet our customer expectations
  • Our work is properly planned and managed to ensure that our services are delivered in a manner which enhance our professional standing
  • Competent staff are assigned to undertake the work and that opportunities are provided to allow staff to broaden their skills and achieve job satisfactions through training and by undertaking more complex and challenging work under proper supervision.
  • Feed back is sought on the service and Training that we deliver and the operation of the system to allow continuous improvement of our services.
  • Develop and maintain quality consciousness amongst all management and staff employed by the company;
  • Develop and maintain a culture of continuous improvement in the quality of services
  • We comply with statuary obligations, standards and code of practices relevant to the quality management.
  • Management reviews the quality objectives on a regular basis to ensure the continuous suitability of ITGRC Quality Management System.
The assurance of quality is fundamental to all work undertaken by ITGRC and the members of the staff are adhere to the requirement of the Quality Management Systems for all assignment undertaken by the Company and to maintained records to demonstrates that the Quality Management System has been followed
We have the following systems and procedures in place to support us in our aim of total customer satisfaction and continuous improvement throughout our business:-
  • regular gathering and monitoring of customer feedback
  • a customer complaints review
  • selection and performance monitoring of suppliers against set criteria
  • training and development for our employees
  • regular audit of our internal processes
  • measurable quality objectives which reflect our business aims
  • management reviews of audit results, customer feedback and complaints

Our internal procedures are reviewed regularly and are build into in a Quality Manual which is in progress at present.

ITGRC is an equal opportunity company with a culture that provides for training to staff to ensure that everyone has equal opportunity to develop in line with our aims and objectives.

This policy is posted on the Company web site. The company Board consists of Industry experts, university professionals and prominent experts in the diverse professions. Though the Managing Director has ultimate responsibility for Quality all employees have a responsibility within their own areas of work thereby helping to ensure that Quality is embedded within the whole of the company.

Signed by:
Thilak Pathirage
Position: DIR/CEO

This revision dated: 12th Jan 2012 .
Latest review dated:



DIR/CEO  Senior Consultant  IT Governance, Security  and Risk Management   

11/24, Melder Place, Nugegoda, Colombo, Sri Lanka

(    + 94 777372697   0112825177
*     This email address is being protected from spambots. You need JavaScript enabled to view it.   


Thilak Pathirageisan industry recognized professional in IT Governance, Assurance, Information Security and Risk Management having over 36 years of experience in banking and financialservices industry both in local and overseas. Heis apracticingITGovernanceandriskmanagementprofessionalwithextensiveexperienceinOperational RiskManagement,InformationSecurity,Informationriskmanagement,BusinesscontinuityManagement andInformationSystems Assurance& Audit for overtwo decades.Thegreatmajorityofhisexperience is in the banking and financial services industry,but covers also manufacturing and government.


He holds several global certificationsinIT Governance, IT Assurance, InformationSecurity and RiskManagement with soundbusinessmanagementbackground.Heis probably the first Sri Lankan to win, CISA, CISM, CRISC CGEIT, and CBCP certifications with such a business background in the Country.


Pathirage was a member of the senior management team of Seylan Bank PLC for 10 years and has been headed  Information System Audit, Information Security,  Operational RiskManagement (ORM), where created Information System audit Function, operational riskmanagement function,Information risk management function(oversee theInformation Risk Governance Officers role)andBusiness Continuity RiskManagementfunction.  While in the  Bank service, he has also been seconded to the CEO position ofCISSLtd, aspecialistinformationsecurityconsultancyarmof the Group of companies whichwas incorporated in 1992.


He started his careerinBankofCeylonand latermigratedtooverseastotakeupaposition in informationGovernance roleandjoinedSeylan in1997whereheintroducedandimplemented IT Governance,Assurance, Basel 2 basedOperationalRisk management policies/framework and programmes and InformationRiskGovernance Polices/frameworkandprogrammesincluding, ITRiskManagementandBusinessContinuity Managementfor thefirsttime in Seylan Bank.


He has being  conducting several consultancy engagements in many cooperate clients including Banks, finance companied, BPOs, software companies , Telcos etc. He also conducts publicworkshopson ITGovernance,RiskManagement,Business Continuity Operational Risk andinformationSecurity relatedtopicsforlastseveralyearsandhaswonthebestITSecurityTrainingAwardinyear2008,offered byISACASriLankaChapter.HeisavisitinglectureronInformationSecurityManagementat theUniversity OfColombo SchoolofComputing(UCSC)forseveralyearsandthefunderlecturer ofDISCProgramof ICASL. Heisalsoa publicspeakeratvariousnational&internationalforumsandseminars andhas published several presentations and research papers.


Pathirage wasa member ofICTA  (Information Technology Advisory Authority of Government of Si Lanka) eSecurity workinggroup in SriLankaand has chaired the Computer EmergencyReadinessTeam(CERT)subcommittee.HeisaFounderMemberand thePromoterofISACA SriLanka Chapterin1996andthefounderandthepresent Presidentofthe (Information System Security Association (ISSA)chapterSriLanka( www.issa.org). He is also the Past VicePresident and CISA coordinatorfor several years.


Currently he is the DIR/CEO and the principal consultant of ITGRC Ltd. He is also attached to the visiting lecture panels of  both Colombo and Sri Jayawardenapura Universities on information security related topics.  He is a voluntary researcher of strategic management of IT Governance, Operational Risk Management InformationSecurityandOperational Risk,Information RiskManagementandEnterpriseRiskManagement in general. Healsohasbeenconductingseveral certificationprogrammes on CISA, CISM,CISSP and CRISC for the benefit ofthe new entrance tothe profession.



Professional Memberships

·            The Information Systems Audit & Control Association  (ISACA)- USA

·            The   Disaster Recovery Institution International- (DRII)– USA

·            The Information Systems & Security Association (ISSA)– USA

·            The International Information Systems Security Certification Consortium(CISSP) –ISC2 USA

·            Postgraduate Institute of Management of Sri Jayawardenapura (PIM)- Alumni Association

·            Institute of Bankers of Sri Lanka (IBSL)

·            Association of Professional Bankers of Sri Lanka(APBS)

·            Chartered Institute of Securities and Investment (CISI) London

·            Institute of Operational Risk Management (IOR) –UK

·            Member of Global Risk Community  http://globalriskcommunity.com/


To read his full profile:   https://www.linkedin.com/in/thilakjayasenapathirage

Read More


Dr. KasunDr Kasun De Zoysa - Ph.D. in Computer Security , Licentiate of  Philosophy in Computer and System  Sciences B.Sc. Spl  in Computer Science (First Class     Honors)

Senior  Advisor- Information Security

11/24, Melder Place, Nugegoda, Colombo, Sri Lanka

(    +  94 773832923

*     This email address is being protected from spambots. You need JavaScript enabled to view it.

Dr Kasun  has extensive experiences in Information Security  management t, IT risk  management an d information security  consulting  for  over  15 years.  He is a  volunteer research scientist, Cyberspace Security Policy and  Research Institute, School of Engineering and Applied Sciences, George Washington University , USA an d he is a guest Researcher in Department of Computer an d System  Sciences, Stockholm  University ,  Sweden  since January 1999. He holds a PhD in Computer Security from  Stockholm  University , Sweden . After being graduating from  the University  of Colombo with a First Class Honor of BSc. Special Degree in Computer Science he obtained Licentiate of Philosophy  in Computer and System   Sciences from  the Stockholm  University , Sweden .

He has conducted several IS Security  seminars an d workshops an d p resented several research paper at several national and international forum s.  Presently  he is attached  to  University  o f Colombo School of Computing as a senior lecturer in information security .

Read his full profile: http://www.ucsc.cmb.ac.lk/lecturers/kasun



Madams photoK. N. Rupasinghe

Director   Training and Education

11/24, Melder Place, Nugegoda, Colombo, Sri Lanka

(    + 94 772300268

*    This email address is being protected from spambots. You need JavaScript enabled to view it.    

BSc in Management (Hons) Sri  Jayawardarapura University, Diploma in Computer Systems Design from National Institute of Business Management )

Participated several international events and in Certified Training Programs on “Training of Trainers in information Technology” in West Germany, Japan and Malaysia. 

Training and Consultancy experience at the National Institute of Business Management over a period of seven years.

At the capacity of the Director of Information Technology at the Institute of Chartered Accountants, Planning, Coordinating, Designing and Developing Training Programs to members and students of the Institute of ICASL and stake holders on Information Security, Risk Management etc. 

Member of Computer Society of Sri Lanka and Australian Computer Society.


Our Vision

Making the world a safer and sustainable place to thrive.

Our Mission

  • Providing technology independent professional services with no bias towards specific vendors or solutions.
  • Providing IT Governance, Security and risk management services to diverse industries
  • Providing resources that understand both the technical and business requirements and can communicate effectively with all levels of the organization.
  • Ensuring we understand the business and therefore ensure our projects reflect the appropriate risks critical to the business.
  • Providing value adding support to maximize the value of the project to the clients.
  • Sharing expertise knowledge for the benefits of our clients and the general public.
  • Our commitment to our clients

    Being independent we’re not tied to any vendors or products and are free to find the best solution for our clients’ needs and budgets, tailoring our services and implementation for each project. 

    We pride ourselves on forging long-term partnerships that benefit our clients. It’s why we started our company. So we work as a team to ensure our clients’ are protected, giving them the confidence to get on with running their organization and leveraging information technology to its greatest potential.

    Everyone at ITGRC has the rare combination of technical expertise and business acumen as well as hands-on experience of business issues across a broad range of industries and technical environments. We proudly deliver our services from a business-focused point of view and can communicate easily and effectively with all levels of an organizations. 

    The Swirl logoTMis a trade mark of AXELOS Limited.
    ITIL®is a registered trade mark of AXELOS Limited.
    PRINCE2®is a Registered Trade Mark of AXELOS Limited.
    COBIT®is a trademark of ISACA®registered in the United States and other countries.
    CISM CRISC CGEIT CISA® are Registered Trade Marks of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute
    CISSP is a registered mark of The International Information Systems Security Certification Consortium ((ISC)2)