Advisory Services

  • Share

IT Risk and Assurance services

We help organizations address the challenge of managing IT risks in a way that is in line with their business strategy. Our teams draw on in-depth technical and IT-related risk management knowledge from our global presence and extensive experience. We help clients and their stakeholders be confident that their organization's key IT-related risks are identified, understood and managed effectively.

Our key service offerings:

Business continuity management services


  • Prevent incidents from occurring
  • Increase incident/disaster response readiness
  • Reduce downtime in the event of a business disruption


Data Analytics


All products, services, customer actions and organization interactions leave a data footprint. Good organizations use this reservoir of information to generate customer insights, but great organizations use this treasure trove to drive opportunities in manifold areas like Finance, Operations, Risk Management, Compliance, Fraud and Human Capital. Social Media now offers a window to track & measure customer satisfaction, identify latent demand and tap new prospects.

Read more


Privacy risk advisory


  • Privacy risk assessment
  • Privacy compliance review
  • Privacy advisory


IT enterprise-wide governance risk and compliance


  • IT risk management and compliance
  • Enterprise-wide governance, risk and compliance (EGRC) technology enablement advisory and implementation
  • Information management and analysis
  • IT effectiveness
  • Program advisory 


IT internal audit


  • IT internal audit co-sourcing/outsourcing
  • IT internal audit transformation


IT internal controls


  • Application controls and security
  • Continuous control/process monitoring
  • Information security (including Attack & Penetration, ISO 27001 certification)
  • IT contract risk
  • IT infrastructure controls and security
  • IT risk remediation
  • Third party reporting
  • Vendor selection assistance 


Software asset management (SAM)

SAM refers to the infrastructure and processes necessary for the effective management, controls and protection of the software assets within an organization, throughout all stages of their lifecycle.

In an environment with increasingly complex licensing criteria, organizations are using SAM to streamline their Software Asset procurement, deployment, maintenance, retirement and governance processes. Further, an increased focused on cost optimization within the organizations, and an attempt to prevent unbudgeted monetary flows due to Software License Reviews by the Software Publishers is leading organizations to adopt a SAM program within the organization.

  • EY can support organizations, recognize the current state of their software procurement and deployment.  This would help them to
  • Understand the usage of unauthorized software at the organization, if any;
  • Determine any over-deployment of procured software, resulting in potential compliance issues
  • Determine any
  • Usage of software within the organization, leading to optimization of software assets
  • Determine a road map to implement policies and processes in line with ISO-19770-1, leading to a sustained SAM program within the organization

Case study

A global IT company used products from more than 200 software publishers. EY prepared a deployment summary for all products used, and conducted a deployment vs. entitlement analysis for products across 9 software publishers.  With a network of over 40000 laptops/desktops and 3700 servers spread across multiple locations, the asset reconciliation had to be performed without impacting the business operations. EY also evaluated the organization's SAM processes and provided recommendations to improve the SAM.

Governance, risk and compliance (GRC) automation services

With the current economic environment exerting pressure on non-revenue generating functions, organizations are focusing on reducing redundancies and streamlining GRC-related processes and systems to achieve more value, lower cost and reduce residual risk. Additionally, the GRC function has become more complex with the organizations’ growing scale and geographical distribution. Further, an organization may have to tackle one or more of the following GRC mandates:

  • Regulatory body compliances: RBI, TRAI, SOX
  • Information security standards: ISO27001
  • Privacy laws
  • Internal audit/policy requirements
  • Business process compliances
  • Client requirements
  • Legal and tax laws
  • Statutory audits Environment sustainability

Looking at all these factors, an automated approach to governance, risk, and compliance processes is the most viable option, which would lead to reduction in associated costs and increase in the value that can be obtained out of GRC processes. In some cases, automation may be the only option available to meet the dynamic, complex and widely distributed environments. Automation can provide the stakeholders a holistic view of risk and compliance across the organization and can help address scalability factors to cater to the ever- changing audit and compliance requirements. Furthermore, it will increase the accountability and provide higher visibility to stakeholders.

Our experienced team of professionals, having extensive experience in GRC services with training and certifications in multiple GRC tools (such as RSA Archer, IBM Open Pages, Control Case, EY in-house tools, etc), can assist you in your GRC automation initiative.

Our focus areas include:

  • Pre-configuration services – Design is key to any successful GRC tool configuration. Inadequate design could yield the best of tools incapable to handle an organization’s GRC requirements. We can leverage our GRC functional and industry knowledge to help clients with the following:
    • GRC framework and workflows development
    • GRC automation roadmap definition
    • GRC tool selection
  • Configuration services – Tool configurations are performed as per the defined GRC framework and workflows. We can help with the following :
    • GRC blueprint development
    • GRC configuration and deployment for pilot and full roll-out
    • GRC solution user acceptance testing
    • Configuration quality assurance and program management
  • Post-configuration services – Once a GRC tool has been deployed, user-training is the key activity. We can help with the following:
    • Post configuration review
    • GRC training and awareness management
    • GRC services such as risk management, audit, compliance, etc using the tool deployed in the organizations’ environment


Contact us

Find your nearest advisory services contact

IT Advisory Services

EY - Samiron Ghoshal

Samiron Ghoshal 
Advisory Partner & IT Advisory Leader
Tel: +91 12 4464 4000

Media Contacts

Lina Gokarn
+91 22 61922356


Connect with us

Stay connected with us through social media, email alerts or webcasts. Or download our EY Insights app for mobile devices.

EY - Data Analytics

Data Analytics

Want to know how we help organizations develop an analytics strategy? Explore our accelerators, tools and methods which help organizations jumpstart their analytics journey.

EY - Enterprise IT trends 2014: the CIO perspective

Enterprise IT trends 2014: the CIO perspective

Our recent survey highlights the CIO perspective on enterprise IT tools and disruptive technologies shaping products, processes and organizations today.