Organisations are under more pressure than ever before to be able to demonstrate effective management of IT risk across their business. The sophistication of cyber threats is rapidly evolving resulting in organisations being required to advance their protective, detective and corrective IT controls as well as to obtain independent assurance of control design and operating effectiveness.

IT Risk Assurance

Our team helps organisations by providing independent assurance as to the design and operating effectiveness of their IT processes/controls. We do this by performing high quality controls testing and highlighting areas of improvement within IT processes/controls coupled with value-adding recommendations to mitigate the IT risk on a sustainable basis. Our services include:

Director David Spollen

Business Risk Services

Find out more
  • IT external audit
  • IT internal audit cosourcing / outsourcing and Quality Assurance (QA)
  • Third Party Assurance / Service Organisation Control (SOC) reporting

IT Risk Advisory

Our team helps clients to design and implement more robust IT risk management practices as well as enhancing their IT processes/controls. We can offer advisory services across a wide array of IT process areas ranging from Incident or Problem Management to Change Management to IT Service Continuity Management (Disaster Recovery) to name a few. Our services include:

  • IT risk management
    • IT risk management advisory
    • IT risk remediation advisory
  • IT process/controls advisory
    • IT governance
    • IT resilience
    • IT process/controls enhancement
    • Sarbanes-Oxley IT controls support
    • IT Outsourcing (IT Vendor Management) advisory
    • IT controls design advisory
    • IT application controls design reviews and testing
    • Data centre / physical security controls design reviews and testing
    • Data migration reviews
    • Computer-assisted audit techniques (CAATs) support
    • Cloud system IT control reviews
  • IT regulatory advisory
    • Skilled Person reviews (section 9 [ROI] / section 166 [UK])
  • IT due diligence