Technology risk services

In Advisory

We provide assessment and attestation services to help companies understand and manage business risks related to technology in the Transformative Age. Services include IT Audit, System and Control Reporting, and Extended Assurance.


What EY can do for you

Business and technology are converging rapidly. With technology becoming the business of every company, understanding information technology (IT) risk is becoming more important. The ability to understand these risks and bridge the knowledge gap that often exists between business and IT is our core strength. Our work provides needed confidence to decision-makers.

Our global Technology Risk team can help you to achieve sustainable growth within the rapidly growing digital world by supporting your efforts to protect your business performance and by providing trusted communications focused on internal controls to investors, management, regulators, customers and other stakeholders. We accomplish this by assessing technology risks introduced by digital business through:

  • Understanding your strategies, initiatives, processes and issues around IT controls, cyber attestation, cloud assurance, certification, contractual compliance or software asset management
  • Providing services that help you navigate through the digital complexity to make confident and faster decisions

We’ll help you:

  • See the big picture related to technology risks so that you can make better, faster and more confident decisions
  • Create trust and confidence in financial reporting
  • Provide trusted communications and assurance against technology risk, along the value chain, to customers, alliances, strategic partners, governments and authorities
  • Identify, improve and respond to risks from advances in technology
  • Meet evolving regulatory and compliance requirements
  • Control compliance costs
  • Build trust in new technology products and services
  • Undertake proactive technology risk mitigation to prevent risk from occurring

Our services consist of:

  • Through this service, we gain a better understanding of technology risks and assess the related controls to help management implement better controls. Better controls and insights result in better information. Better information helps people make faster and more confident decisions. 

    This service involves performing IT-related procedures in support of financial statement audits and/or as part of the integrated audit, including evaluating IT general control design and operating effectiveness and testing application controls. We examine management controls within an IT infrastructure, in conjunction with a financial statement audit, internal audit or other form of attestation engagement. IT audits allow for:

    • Understanding IT-enabled business change (what is changing and why)
    • Deconstructing the flow of transactions and data in business processes from initiation to reporting
    • Critically analyzing business processes to identify where risks could occur
    • Assessing controls in place to address those risks
    • Advising on opportunities to enhance processes or controls, leveraging the significant technology investments made by clients

    Through these efforts, we provide insights, candid observations and permitted services to help translate uncertainty into confidence, especially in the areas of emerging technologies and risks.

  • Here, we assess controls around security, privacy, confidentiality, availability and processing integrity.

    An independent assessment is undertaken to:

    • Test management’s assertion over business processes and controls in the IT environment
    • Test business process and controls against specific attestation and agreed-upon procedures standards

    EY’s approach assists companies with building stronger relationships with customers, investors, business partners and other stakeholders, by providing increased confidence in communications regarding internal controls. The increased confidence is provided through resulting assurance or attestation reports such as SOC1, SOC2, International Standard on Assurance Engagements (ISAE 3402) and others.

  • EY CertifyPoint is the global certification body for EY. As an accredited and independent certification institute, EY CertifyPoint can help organizations meet their basic requirements, as well as improve the efficiency and effectiveness of the business management systems. We keep the business at the center, identifying areas of redundancy, bottlenecks and potential efficiency gains by means of a systematic and independent certification approach aligned with recognized globally accepted standards.

    We provide certification against ISO standards such as Information Security (ISO27001), Quality (ISO9001), IT Service Management (ISO20000), Business Continuity Management (ISO22301) and Environmental Management (ISO14001). Or we can help you assess your gaps and obtain the necessary readiness for certification. EY CertifyPoint also provides lead implementer and lead auditor courses, including certification of personnel for several ISO standards.

  • We can address purpose-led risks and opportunities, which go beyond tangible corporate risk, so that they are digitally infused, empowered by end-to-end processes and governed in a way that enables trust among business partners and alliances.

  • This service provides an objective assessment of the effectiveness of management and governance systems in terms of regulatory requirements and contracted services for outsourced business activities in an increasingly digitized, data-dependent and technology-enabled connected ecosystem.

    We assist clients with conducting compliance assessments with respect to:

    • Specific laws and regulations applicable to the different lines of business, affecting both financial reporting and operations
    • General laws of the land of the country where the entity has operations
    • Internal company policies and procedures

    Additionally, we create and deploy compliance management frameworks across different locations and business lines.

  • Here, we help enable contractual excellence and compliance by transparent contract steering, execution and monitoring while closing financial, contractual and operations “blind spots” in contractual relationships. Through our contractual compliance services, EY can help clients to improve contract management processes and systems, manage contract terms to achieve their desired outcomes, and improve supplier relationships. The service involves assisting clients with:

    • Understanding risk factors associated with each third party and contract type and to identify the areas of focus for the third-party audit plan
    • Performing agreed-upon procedures related to attributes of an organization’s client contracts; related contract systems, processes and controls; contract agreement structure; and a counterparty’s adherence to contract terms
    • Performing assessment services and providing recommendations in connection with a contract, a portfolio of contracts, related processes, systems and controls, and adherence to contract terms.
  • SAM identifies and mitigates risks — such as financial, contractual, regulatory and information security associated with the use of software — and helps optimize software costs.

Contact us

Like what you’ve seen? Get in touch to learn more.