Technology and Security Risk Services

Today, the health and viability of most businesses is heavily dependent on the strength and security of their information technology (IT) infrastructure.

As a result, IT has become a high-priority issue in executive suites and corporate boardrooms, driving top management to provide proactive sponsorship for efforts that will ensure adequate IT security and availability. And create an operating environment that effectively manages — and mitigates — risks.

We can help you focus on fundamental as well as emerging IT issues as you develop and execute plans to respond to stakeholder expectations. Our services are based on insights into how leading organizations prioritize their efforts to ensure that IT investments provide maximum security and risk mitigation in the most cost effective manner.

Our services are backed by extensive technical competencies, which include:

• Helping to protect IT assets against external viruses, cyber terrorism and other malicious attacks and internal security threats
• Advising on software application controls integrity
• Improving IT processes
• Addressing regulatory compliance on IT applications

Our areas of focus include:

IT for Assurance: Third Party Reporting, Application Controls and Security, Information Security

IT for Risk: Third Party Reporting, Application Controls and Security, Information Security, IT Effectiveness, Program Advisory Services

IT for Performance: Information Management and Analysis, Application Controls and Security, Information Security, IT Effectiveness, Program Advisory Services

Outlook for privacy, security and compliance

This three-part series, written for CIO.com by risk professionals from Ernst & Young US, outlines the top information technology issues companies should be thinking about in the areas of privacy, security, and compliance:

• IT and the changing privacy landscape (pdf, 160kb)
• The future of information security (pdf, 146kb)
• Compliance, convergence and how IT fits (pdf, 164kb)

Continuous controls monitoring (CCM)

An effective CCM program can help drive compliance efforts, identify potential processing errors, and detect fraud. Learn the three key considerations (pdf, 133kb) for building a CCM program, written by professionals from Ernst & Young US and published in SAP Insider.

Information Technology risk management’s critical role

A survey asks nearly 150 risk management and IT executives at global financial institutions for their feedback on the framework, processes, and drivers of information technology risk management (pdf, 3.4mb) and the role it plays in an organization’s overall risk management structure. The results and analysis focus on four key areas: convergence, common understanding of risks and controls, IT risk management investments, and risk reporting.

Achieving a balance of risk and performance

Organizations are increasingly looking at improving business performance alongside their information security risk management. The "10th annual global information security survey" looks at the current state of information security, and offers opportunities for balancing risk mitigation and performance, and aligning information security with the business.

Outsourced process controls

When an organization is processing another's data or has decided to outsource its own processes, stakeholders of outsourced business processes require timely information about controls in place and their operating effectiveness. Many organizations provide SAS 70 (pdf, 304kb) reports to users. While these reports cover the objectives of a financial statement audit, they do not cover important control information about continuity, privacy, or other non-financial objectives about which stakeholders may be concerned.