IT Risk Advisory Services

Assess, manage and mitigate your IT risk

Information technology risk is business risk. A single intrusion can result in millions of dollars in downtime, incident response, identity protection services, legal fees, recovery costs and reputational harm. And given the pervasive use of technology in financial reporting, IT risk is also pervasive to SOX and your external audit.

At CFGI, our IT Risk Advisors assist organizations that want an accurate assessment of their IT general controls (ITGCs), their cybersecurity risk profile or of the data they hold. We have the business acumen, the finance and accounting expertise, and the IT skills needed to establish and maintain an IT risk management program that accurately reflects your operational realities.

How CFGI helps

Every organization is exposed to some level of IT-related risk, and often, that risk is directly tied to the company’s financial well-being. Our goal is to help organizations understand the full scope of their risk profile and figure out the best way to manage that risk — avoidance, mitigation, transfer or acceptance. 

We can achieve this through IT risk assessments that highlight the short- and long-term fallout of different types of potential harm, for instance inappropriate access, inadequate change management, failed computer operations, cyberattacks, data breaches and other potentially harmful incidents involving information systems. From there, our experts can prescribe risk management strategies in line with regulations, guidelines and best practices that keep assets safe from harm.

SOX compliance and Internal Audit

We work hand-in-hand with our Risk Advisory counterparts in providing IT General Controls for SOX and Internal Audit projects. We deliver outsourced and co-sourced IT staff to provide the exact support you’re seeking. In addition to ITGCs, our IT Risk Advisory staff evaluate automated controls and the completeness and accuracy of information used in the execution of key controls.

SOC 1 and SOC 2 assessments

As part of a SOX project or vendor due diligence, an evaluation of System and Organization Controls (SOC) reports is conducted over the relevant service organizations.

As former Big 4 auditors with significant experience in SOC 1 and SOC 2 attestation engagements, our IT Risk Advisory staff are uniquely positioned to understand how to read and evaluate the SOC 1 and SOC 2 reports and provide you the insight you require as to the risks and controls described therein.

IT operations

Our IT experts have strong operational experience that can help with anything from IT process improvement, system implementations and the system development lifecycle, IT compliance (e.g. a variety of ISO and NIST standards, PCI-DSS, HIPAA, etc.) and harmonization of risks and controls across frameworks, to name a few.

In addition, our expert IT Risk Advisory team can support your IT operations in putting together an incident response plan, giving you peace of mind that when a cybersecurity or other incident occurs, your teams will know how to react. More broadly, we can help with business continuity and disaster recovery and ensure you are prepared to handle any number of risk scenarios effectively.

Readiness projects (ISO 27001, SOC 1, SOC 2, etc)

Companies often find they need to provide their management, the market or their customers with additional comfort over their operations. This could include certification based on an ISO standard or an attestation of a SOC 1 or SOC 2. While CFGI does not provide certification or attestation services, our IT Risk Advisory team is your perfect partner to get you ready for your compliance needs.

CFGI is not restricted by independence requirements and therefore can perform the initial gap assessments, build your roadmap to compliance and work with you to resolve any gaps, such that you are ready for your certification or attestation.

Don’t gamble with IT risk

Contact CFGI to learn how our experts can help your organization:

  • Maintain compliance with regulations and guidelines.
  • Safeguard your assets, consumer data, trade secrets and valuable IP.
  • Prevent business email compromise and improve security awareness.
  • Protect your business’s reputation.
  • Help secure the financial and operational health and well-being of your organization.