Technology-based solutions continue to change quickly, and special skill sets are required to implement and manage the hardware and software used by companies of all sizes. As a result, risk associated with information systems and the infrastructure needed to support those systems is one area of risk that is often ignored unless problems arise.

Dixon Hughes can help.
Our team of IT risk advisory professionals serves clients in a variety of industries by helping them build and adapt risk management capabilities in times of significant expansion and regulatory change. Our professionals have industry and public accounting experience—key to understanding changing compliance requirements and the impact of new processes and technologies being used by our clients.

Our professionals are experienced in providing risk management and advisory-related assistance in a number of areas:

• Internal audits and audit plan assistance
• IT and operational risk assessments
• Information systems controls reviews based on best practices and FFIEC guidelines for financial institutions
• Assistance with IT-related documentation and testing associated with Sarbanes-Oxley compliance (Section 404)
• Compliance assessment for privacy requirements (GLBA and HIPAA)
• SAS 70 and Agreed Upon Procedures engagements
• Integrated controls reviews of the platforms and applications supporting your key business processes
• Network security / vulnerability assessments and penetration testing
• IT and operational due diligence assistance

• Internal Audit Services
• Business Process Audits
• Corporate Governance/ Sarbanes-Oxley (Section 404) Compliance
• Enterprise Risk Management
• Business Process Redesign and Change Management
• IT Advisory Services

• IT Risk Advisory Services (pdf)
• SAS 70 Services (pdf)

More Information

• Contact Us