IT Risk Assessment consists of an analysis of the probability and impact of different negative scenarios that may affect an organization’s IT environment. Risks are reduced through controls that make the occurrence of a negative event less likely.
A risk assessment is especially valuable for developing intelligent audit plans, detailed schedules and work programs. It also adds value through an efficient allocation of IT resources.
Continental’s risk approach is based on industry best practices from the US National Institute of Standards and Technology (NIST) and the Institute of Internal Auditors (IIA). We also use Federal Financial Institutions Examination Council (FFIEC) guidelines.
Continental auditors start with a survey of the technology that exists in an organization (systems, applications, networks, databases, facilities, key personnel) and identify specific threats and vulnerabilities. We use classic risk calculations to measure inherent and residual risks, taking into account existing security controls. Where gaps in controls are identified, remedial action is recommended to the appropriate management.
Some of the areas that we cover in our IT risk assessments are displayed to the right. Please contact Continental Audit Services to request a proposal tailored to meet your specific requirements.