EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Select your location
Local sites
Technology Risk
We offer assurance technology assessment and attestation services, fostering audit quality and instilling confidence and trust in the adoption and implementation of emerging technology.
How EY can help
IT Audit procedures
The execution of high-quality information technology (IT) audit procedures and IT business processes in support of a financial statement audit and audit of internal controls over financial reporting creates the foundation of our commitment to protecting investors and the broader economy.
IT Audit services include:
- Integrated audit
- Financial statement audit
Service Organization Control Reporting and Attestation Services
An independent assessment is undertaken to test management’s assertion over business processes and controls in the IT audit environment and to test business process and controls against specific attestation and agreed-upon procedures (AUP) standards. We also assess internal controls around security, privacy, confidentiality, availability and processing integrity.
Attestation services include:
- Service Organization Control Reporting (SOCR):
- SOC 1, SOC 2 and SOC 3
- SOC for Supply Chain/Cyber
- Agreed-Upon Procedures (AUP) Examination Reporting
- Digital Services Act (DSA) and Digital Markets Act (DMA) certification
- International Organization for Standardization (ISO) certification
- Cybersecurity Maturity Model Certification (CMMC)
- SWIFT certification
- Heath Information Trust Alliance (HITRUST) certification
- Trusted Information Security Assessment Exchange (TISAX) assessment
- Performance audits
IT system upgrades and implementation assessments
For companies continuing to invest in technology, it is essential to fully understand IT process risks and to proactively identify potential internal control gaps prior to a system upgrade or implementation.
IT pre- and post-upgrade and implementation assessment services include:
- Enterprise Resource Planning (ERP) assessments
- Consolidation tool assessments
- Governance, Risk, Compliance (GRC) program readiness
Cybersecurity
The rapid advancement of technology, coupled with an exponential rise in cyber threats, increases risk exposure to technology infrastructure.
EY teams can help identify the ways in which cybersecurity risks can impact IT audit processes, including financial reporting, business procedures and internal controls.
Technology risk cybersecurity services include:
- Cybersecurity program assessments
- Incident response tabletop simulations
- Breach response and analysis assessments
- Cybersecurity disclosure reporting support
- Vulnerability assessments
Environmental, social and governance (ESG)
Investors, regulators and society at large are demanding more transparency on nonfinancial performance, especially regarding ESG issues.
Technology Risk ESG services include:
- Internal controls pre-assessment
- Evaluations of non-financial systems implementation
- Data pre-assessments
- Gap analysis
- Peer benchmarking analysis
Our latest thinking
Strategic AI integration, governance and risk in finance
Businesses are preparing to incorporate AI into the finance function and anticipating how to manage risks. Read more.
23 Apr 2024
Natalie Jaros
The team
Daryl Box
EY Americas Assurance Technology Risk Leader
Driven leader. Champion of quality. Mentor. Husband and father.
Houston, USA
Jim Okas
EY Americas Assurance Deputy Technology Risk Leader
Growth-oriented leader. Prioritizes quality and collaboration. Dedicated relationship builder. Mentor. Advocate for diversity. Devoted father and husband.
Iselin, USA
