Technology Risk

We offer assurance technology assessment and attestation services, fostering audit quality and instilling confidence and trust in the adoption and implementation of emerging technology.

As companies accelerate the adoption of technology solutions in all aspects of their business, specialized knowledge of IT is integral to the execution of high-quality audits and the need to safeguard internal controls.

In Technology Risk, we assist in assessing risks, identifying gaps, mitigating audit risk and enhancing technology-related investments in support of a financial statement audit, audit of internal controls over financial reporting, Service Organization Control Reporting and other forms of attestation services.

These services enable companies to navigate digital complexities with confidence, making informed decisions for their business while promoting trust in the capital markets. 

How EY can help

IT Audit procedures

The execution of high-quality information technology (IT) audit procedures and IT business processes in support of a financial statement audit and audit of internal controls over financial reporting creates the foundation of our commitment to protecting investors and the broader economy.

IT Audit services include:

  • Integrated audit
  • Financial statement audit

Service Organization Control Reporting and Attestation Services

An independent assessment is undertaken to test management’s assertion over business processes and controls in the IT audit environment and to test business process and controls against specific attestation and agreed-upon procedures (AUP) standards. We also assess internal controls around security, privacy, confidentiality, availability and processing integrity.

Attestation services include:

  • Service Organization Control Reporting (SOCR):
    • SOC 1, SOC 2 and SOC 3
    • SOC for Supply Chain/Cyber
  • Agreed-Upon Procedures (AUP) Examination Reporting
  • Digital Services Act (DSA) and Digital Markets Act (DMA) certification
  • International Organization for Standardization (ISO) certification
  • Cybersecurity Maturity Model Certification (CMMC)
  • SWIFT certification
  • Heath Information Trust Alliance (HITRUST) certification
  • Trusted Information Security Assessment Exchange (TISAX) assessment
  • Performance audits

IT system upgrades and implementation assessments

For companies continuing to invest in technology, it is essential to fully understand IT process risks and to proactively identify potential internal control gaps prior to a system upgrade or implementation.

IT pre- and post-upgrade and implementation assessment services include:

  • Enterprise Resource Planning (ERP) assessments
  • Consolidation tool assessments
  • Governance, Risk, Compliance (GRC) program readiness

Cybersecurity

The rapid advancement of technology, coupled with an exponential rise in cyber threats, increases risk exposure to technology infrastructure.

EY teams can help identify the ways in which cybersecurity risks can impact IT audit processes, including financial reporting, business procedures and internal controls.

Technology risk cybersecurity services include:

  • Cybersecurity program assessments
  • Incident response tabletop simulations
  • Breach response and analysis assessments
  • Cybersecurity disclosure reporting support
  • Vulnerability assessments 

Environmental, social and governance (ESG)

Investors, regulators and society at large are demanding more transparency on nonfinancial performance, especially regarding ESG issues. 

Technology Risk ESG services include:

  • Internal controls pre-assessment
  • Evaluations of non-financial systems implementation
  • Data pre-assessments
  • Gap analysis
  • Peer benchmarking analysis

Assurance services

Assurance teams serve the public interest by promoting trust and confidence in business and the capital markets.

Read more

Contact us

Like what you’ve seen? Get in touch to learn more.

Mail