Assess, manage and mitigate your IT risk
Information technology risk is business risk. A single intrusion can result in millions of dollars in downtime, incident response, identity protection services, legal fees, recovery costs and reputational harm. And because technology is used throughout financial reporting, IT risk also pervades SOX compliance and your external audit.
At CFGI, our IT Risk Advisors assist organizations that want an accurate assessment of their IT general controls (ITGCs), their cybersecurity risk profile or the data they hold. We have the business acumen, the finance and accounting expertise, and the IT skills needed to establish and maintain an IT risk management program that accurately reflects your operational realities.
How CFGI helps
Every organization is exposed to some level of IT-related risk, and often, that risk is directly tied to the company’s financial well-being. Our goal is to help organizations understand the full scope of their risk profile and figure out the best way to manage that risk — avoidance, mitigation, transfer or acceptance.
We achieve this through IT risk assessments that highlight the short- and long-term fallout of different types of potential harm, for instance inappropriate access, inadequate change management, failed computer operations, cyberattacks, data breaches and other harmful incidents involving information systems. From there, our experts prescribe risk management strategies, in line with regulations, guidelines and best practices, that keep your assets safe.
SOX compliance and Internal Audit
We work hand-in-hand with our Risk Advisory counterparts to provide IT General Controls (ITGC) support for SOX and Internal Audit projects. We deliver outsourced and co-sourced IT staff to provide the exact support you are seeking. In addition to ITGCs, our IT Risk Advisory staff evaluate automated controls and the completeness and accuracy of information used in the execution of key controls.
SOC 1 and SOC 2 assessments
As part of a SOX project or vendor due diligence, we evaluate the System and Organization Controls (SOC) reports issued for your service organizations.
As former Big 4 auditors with significant experience in SOC 1 and SOC 2 attestation engagements, our IT Risk Advisory staff are uniquely positioned to read and evaluate SOC 1 and SOC 2 reports and give you the insight you need into the risks and controls they describe, including whether the complementary user entity controls the reports rely on are actually in place at your organization.
Our IT experts have strong operational experience and can help with IT process improvement, system implementations and the system development lifecycle, IT compliance (e.g. ISO and NIST standards, PCI DSS, HIPAA) and the harmonization of risks and controls across frameworks, among other areas.
In addition, our IT Risk Advisory team can support your IT operations in putting together an incident response plan, so that when a cybersecurity or other incident occurs, your teams know how to react. More broadly, we can help with business continuity and disaster recovery planning and ensure you are prepared to handle a wide range of risk scenarios effectively.
Readiness projects (ISO 27001, SOC 1, SOC 2, etc)
Companies often find they need to give their management, the market or their customers additional comfort over their operations. This could mean certification against an ISO standard or a SOC 1 or SOC 2 attestation. While CFGI does not provide certification or attestation services, our IT Risk Advisory team is the right partner to get you ready for them.
Because CFGI does not issue the certification or attestation itself, it is not restricted by auditor independence requirements and can therefore perform the initial gap assessment, build your roadmap to compliance and work alongside you to close any gaps, so that you are ready when the certifying body or attestation auditor arrives.
Cybersecurity risk and maturity
Most fraud, such as phishing scams that manipulate users into giving away credentials or personal information or into installing malware, exploits weaknesses in human behavior and in risk policies. Likewise, devastating attacks such as ransomware succeed largely because basic risk mitigation controls have failed.
That is why most organizations should first evaluate their existing policies and processes through the lens of cybersecurity and identify the cyber risks that are not adequately addressed.
Our cybersecurity experts will work with you to understand your current cyber maturity and define a desired future state, then build a roadmap, tailored to your needs and cyber risk profile, that gets you there. This lets you focus on the areas that truly matter and avoid unnecessary spending on the road to cyber maturity, while reducing the risk of catastrophic failures such as crippling cyberattacks and data breaches.
Privacy and data security
The European Union’s General Data Protection Regulation (EU GDPR) and the California Consumer Privacy Act (CCPA) are two examples of critical data privacy regulations that many companies must already comply with. If you do not know whether you need to comply, or how you should comply, contact our IT Risk Advisory team today.
If you have a data privacy program, or an Internal Audit department auditing this area, our IT Risk Advisory data privacy experts can augment your team and assist with any number of privacy program activities.
Don’t gamble with IT risk
Contact CFGI to learn how our experts can help your organization:
- Maintain compliance with regulations and guidelines.
- Safeguard your assets, consumer data, trade secrets and valuable IP.
- Prevent business email compromise and improve security awareness.
- Protect your business’s reputation.
- Secure the financial and operational health of your organization.