IT Risk and Assurance

IT Risk and Assurance services are independent professional services that improve the quality of information to management as well as other decision makers within an organization. IT assurance services reduces information risk affecting more than just financial data. CPAs are adept at performing comprehensive risk assessments for businesses and developing risk management solutions that can give companies competitive marketplace advantages.

Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
Risk management approaches based on business value. It matches business continuity capabilities and risks. The goal is to enable any organization to restore critical operational activities, manage communications, maintain system integrity, and minimize financial and other effects of a disaster, business disruption, or other major events.
IT Governance
A subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management. The interest in IT governance is due to the on-going need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.

Enterprise Risk Management (ERM)
The methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress.

Embracing ERM: COSO’s Practical Approach to Getting Started
This COSO thought paper describes how an organization can start to move from informal risk management to ERM.  We discuss the increasing importance of and focus on ERM and the need for all types of organizations to understand and embrace ERM. Perceived barriers to starting ERM and working through those barriers are examined.