Every organisation, regardless of size or sector, faces a range of IT risks which should be managed.

At the most basic level, companies must ensure their IT systems have the necessary controls in place to protect data, to prevent breaches and to ensure service continuity in the event of IT systems disruptions or failures.

At the other end of the spectrum, financial services organisations and other regulated entities must be able to satisfy regulators, supervisory bodies and investors that IT risk is properly controlled and managed in accordance with international industry practice.

Our clients need to be able to demonstrate and give assurance to their Board and Management that their IT risks are being appropriately managed. We help these organisations to better manage IT risks. We do this in a number of different ways.

Director David Spollen

Business Risk Services


We review and test existing IT controls to determine whether they are adequately designed and operating effectively. We assist with the development and implementation of Risk Mitigation Plans from regulatory inspections. We help clients to design and implement new IT processes or to improve existing IT processes. We help clients to design and implement new IT risk management processes or to improve existing IT risk management processes.

Our Services

IT Risk Assurance

Our team helps organisations by providing independent assurance as to the design and operating effectiveness of their IT processes/controls. We do this by performing high-quality controls testing and highlighting areas of improvement within IT processes/controls, coupled with value-adding recommendations to mitigate the IT risk on a sustainable basis. Our services include:

  • IT external audit
  • IT internal audit cosourcing / outsourcing and Quality Assurance (QA)
  • Third Party Assurance / Service Organisation Control (SOC) reporting

IT Risk Advisory

Our team helps clients to design and implement more robust IT risk management practices as well as enhancing their IT processes/controls. We can offer advisory services across a wide array of IT process areas, ranging from Incident or Problem Management to Change Management to IT Service Continuity Management (Disaster Recovery), to name a few. Our services include:

  • IT risk management
  • IT risk management advisory
  • IT risk remediation advisory
  • IT process/controls advisory
  • IT governance
  • IT resilience
  • IT process/controls enhancement
  • Sarbanes-Oxley IT controls support
  • IT Outsourcing (IT Vendor Management) advisory
  • IT controls design advisory
  • IT application controls design reviews and testing
  • Data centre / physical security controls design reviews and testing
  • Data migration reviews
  • Computer-assisted audit techniques (CAATs) support
  • Cloud system IT control reviews
  • IT regulatory advisory
  • Skilled Person reviews (section 9 [ROI] / section 166 [UK])
  • IT due diligence

Why Grant Thornton

The Grant Thornton IT Risk Assurance and Advisory team provides clients with a cutting-edge, industry-leading service that offers independent assurance that their IT risks are being appropriately managed. The team is made up of IT risk specialists with a background in professional services, financial services and other industry sectors, who can conduct maturity assessments for clients across all sectors in relation to the adequacy of the IT control environment.
