Information Technology Risk Management2023-08-22T12:12:11-04:00


Protecting Your Company’s Most Critical Assets

Companies are facing greater concerns about their existing operations and IT infrastructure due to the rapid speed of disruption innovations and technology. An effective information risk management program ensures the right foundation is in place to manage the accumulation of data and operationalize its use, develop and optimize internal controls, and ensure data security as technology evolves.

Information Technology Risk Management Services

The speed of disruptive innovations and technology means responsiveness matters. MorganFranklin assess and establishes effective solutions for data governance, security, and internal controls including:

IT SOX Compliance:

  • Coordinate companies’ IT SOX governance program activities​.
  • Execute readiness assessments to identify companies’ IT SOX control design gaps and design control remediation strategies.​
  • Assist companies with assessing and documenting IT SOX risk assessments, system scoping, IT general controls walkthroughs, and risk and control matrices. ​
  • Perform operational effectiveness testing of IT controls and financially significant IT dependencies.​
  • Assist clients in preparing IT SOX deficiency conclusions memos.

System Implementation Assurance:

  • Identify, assess, and/or test business, control, and project risks associated with the implementation of significant financial systems.

Optimizing Restricted Access and Segregation of Duties (“SoD”):

  • Conduct top-down, risk-based scoping assessments of clients’ environments to identify and classify restricted access and SoD risks​.
  • Assist companies implement GRC access solutions and define rulesets aligned with financially significant risks​.
  • Remediate identified SoD conflicts.

Implement Third-Party Assurance Governance and Processes:

  • Evaluate and remediate companies’ information security controls in preparation for third-party assurance certifications (e.g., SOC 2, HITRUST, ISO, etc.).

The MorganFranklin Way

MorganFranklin’s Risk & Regulatory Advisory practice has extensive experience providing IT compliance services to clients ranging from private growth companies to multi-national large Fortune 100 organizations across all industries, including Technology. ​

Related Services

Explore Content

Gain Insight on Preparing for Risk Advisory

Use this guide to bring key stakeholders in your organization up to speed on risk advisory.

Let’s Work Together

We are experienced, engaged professionals that are highly energetic and motivated to work in challenging, high stakes environments.

Go to Top