Information Technology Risk Services Overview
Information technology risks are ever changing and must be managed for an organization to remain confident in their security and control environment.
RubinBrown professionals have the knowledge and expertise in the information technology risk area. We can help you manage your risks and provide an evaluation of your organization's information system's availability, confidentiality, and integrity. RubinBrown IT Risk professionals can help your business in the following areas:
- System Improvement & Enterprise Resource Planning (ERP) Solutions
- Cloud Computing Solutions Including SOC 1, SOC 2 and 3
- IT Risk Assessment and Response
- Data Assurance and Analysis
- IT Due Diligence
- IT Governance
Unlike many technology risk advisors, RubinBrown, a PCAOB registered firm, also offers a full range of business consulting services. Drawing on financial, management and operational expertise, RubinBrown can help smooth the transition to new information technology with the depth and breadth of our resources.
System Improvement & ERP Solutions
In today's business environment, an ERP system that is secured, optimized and supports your business needs is key for success. Our professionals can help with a variety of solutions, whether you are considering an ERP system or have systems in place for many years.
System Implementation Support
Looking for a partner to implement controls and structure into your ERP development and final solution? We can provide independent implementation oversight to help ensure that your implementation stays on task, on budget and, as necessary, controlled in a manner to support your business in the most cost efficient manner.
You made a significant investment in your ERP system but do you know if you are optimizing your system use? Are your automated controls implemented? Our team can assess your business processes and provide you a road map for optimization of your ERP including helping to ensure your system's configuration is in line with your internal control policies and that your resources are effectively utilized.
Segregation of Duties and Compliance
Segregation of duties (SoD) is often a difficult task for companies to implement on their own. Our professionals possess experience and tools to help identify SoD conflicts, verify their root causes, and help you develop strategies and processes to maintain an organized and sustainable program. Additionally, we can help tailor your Governance Risk and Compliance environment to help effectively implement and manage policies and their supporting controls to maintain a strong risk posture.
Security and Controls
Security in an ERP environment can be very complicated. We can lend you our experience to assess your environment and help you develop security processes, controls and strategies that will enable secure processing of transactions in your environment.
One of the most challenging aspects of using an ERP system is to develop a good reporting strategy. We can help you determine the information required to manage your business and map those requirements to specific reports to help ensure everyone receives consistent and reliable information.
Cloud Computing Solutions
Including SOC 1, SOC 2 and SOC 3
RubinBrown has initiated an exclusive information series, the "Cloud Insight Series". Our purpose is to increase the transparency into what the Cloud means, who needs it and how it can benefit you. Because we have extensive experience utilizing the Cloud, our IT Risk Services professionals help companies successfully navigate the road map to the Cloud and help Cloud providers address the questions about the controls over their services.
The American Institute of Certified Public Accountants (AICPA) recently provided a new approach to offer alternative solutions for reports designed to provide users of the Cloud and other third-party services comfort around those business process and system controls relevant to them: AICPA Service Organization Control (SOC) reports. There are 3 reports in this framework:
AICPA SOC 1
Report on Controls at a Service Organization Relevant to User Entities' Internal Control over Financial Reporting (ISSAE16) provides comfort around internal controls over financial reporting. This service offering allows the use of an AICPA logo on your website indicating the report performance.
AICPA SOC 2
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and/or Privacy. This service offering allows the use of an AICPA logo on your website indicating the report performance.
AICPA SOC 3
Trust Services Report provides an on-line seal related to the testing of Security, Availability, Processing Integrity, Confidentiality and/or Privacy.
A key driver for the three reporting options is the increasing use of Cloud services to provide valuable benefits such as lower IT cost and flexibility. To fully leverage the benefits from Cloud computing, it is crucial to understand the needs and the vulnerabilities associated with Cloud. For Cloud providers, providing one of the SOC reports can greatly enhance the communication about your control infrastructure.
IT Risk Assessment and Response
An assessment of IT risk, whether it is across an organization or in a particular evolving area, helps align your strategic business goals with the IT environment to achieve success. This type of audit ensures that your IT assets are reliable, available, and compliant within your organization's regulations and needs. With our IT risk assessments and/or targeted IT audits and IT risk response services, we provide direction on actions to advance your business. These can be performed in conjunction with financial statement audits, Sarbanes-Oxley compliance, internal audit, SOC or other attestation engagements, or in response to incidents.
Data Assurance and Analysis
RubinBrown provides the tools, technology and skills necessary to analyze your data. Our cross-functional team drives analysis to change your business. Our team is experienced in the tools (ACL/IDEA) and includes accountants, certified fraud examiners, and information technology auditors. RubinBrown can provide the following Data Assurance and Analysis services:
- Measure Key Performance Indicators
- Reclaim Costs
- Support Investigations
- Analyze Trends in support of business changes
- Develop non-traditional/overlooked measurements
- Provide insights in support of vendor compliance analyses
- Analyze segregation of duties
- Implement ongoing measurement tools to automate the identification of exceptions, analyze patterns and trends and test controls
IT Due Diligence
We offer a focused area of IT risk assessment related to technology during due diligence activities: IT Due Diligence. Our services are applicable to corporate clients, private equity firms, accountants and attorneys.
A key part of the diligence process is to assess the value of a business, including the technology, and the ongoing estimated affect on EBITDA.
Our methodology allows for a streamlined approach with the overall diligence team to assess the technology and identify potentially costly or time consuming technology strategies as well as infrastructure. Our approach includes a responsive team in support of the critical deal time lines.
IT Risk Services Resource Links
The IT Risk Services Group has compiled the following resources that may be helpful to you or your business:
Information Systems Audit and Control Association (ISACA) – www.isaca.org
Institute of Internal Auditors (IIA) – www.theiia.org
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) – www.coso.org
IT Risk Services Leaders
We welcome your questions or comments about information technology risk services:
For more information, please contact:
Todd Pleimann, CPA
Kansas City Managing Partner
Matt Wester, CPA, CFE
Tom Brecks, CISA
David Richert, Jr., CPA, CISA
Events and Seminars
|Microsoft Dynamics Receivables Module (Saint Louis)|
Tue May 21 @ 8:30AM - 05:00PM
|Contract Liability & Indemnity Issues For Manufacturers (St. Louis)|
Wed May 29 @ 8:00AM - 09:30AM
|Not-For-Profit Investments Seminar (St. Louis)|
Wed Jun 19 @ 8:00AM - 10:00AM