Technology Risk

EY teams provide assessment and attestation services to help companies understand and manage business risks related to technology in the Transformative Age.

What EY can do for you

Business and technology are converging rapidly. With technology becoming the business of every company, understanding information technology (IT) risk is becoming more important. The ability to understand these risks and bridge the knowledge gap that often exists between business and IT is the core strength of EY teams. The work of EY professionals help decision-makers to attain confidence by understanding risk and embedding trust.

The Technology Risk teams can help you achieve sustainable growth by supporting your efforts to protect your business performance, and by providing trusted communications on internal control and regulatory compliance to investors, management, regulators, customers and other stakeholders. EY teams will accomplish this by assessing technology risks that are introduced to businesses through:

Understanding your strategies, initiatives, processes and issues around IT controls, cybersecurity attestation, cloud assurance, certification, contractual compliance or software asset management
Providing services that help you navigate through the digital complexity to make confident and faster decisions

EY Professionals help you:

See the big picture related to technology risks so that you can make better, faster and more confident decisions
Create trust and confidence in financial reporting
Provide trusted communications and assurance on internal control or related to regulatory compliance to customers, alliances, strategic partners, governments and authorities
Identify, improve and respond to risks from advances in technology
Meet evolving regulatory and compliance requirements
Control compliance costs
Build trust in new technology products and services from the outset
Undertake proactive technology risk mitigation

Our services consist of:

Through this service, we gain a better understanding of technology risks and assess the related controls to help management implement better controls. Better controls and insights result in better information. Better information helps people make faster and more confident decisions.

This service involves performing IT-related procedures in support of financial statement audits and/or as part of the integrated audit, including evaluating IT general control design and operating effectiveness and testing application controls. We examine management controls within an IT infrastructure, in conjunction with a financial statement audit, internal audit or other form of attestation engagement. IT audits allow for:

Understanding IT-enabled business change (what is changing and why)
Deconstructing the flow of transactions and data in business processes from initiation to reporting
Critically analyzing business processes to identify where risks could occur
Assessing controls in place to address those risks
Advising on opportunities to enhance processes or controls, leveraging the significant technology investments made by clients

Through these efforts, we provide insights, candid observations and permitted services to help translate uncertainty into confidence, especially in the areas of emerging technologies and risks.
Here, we assess controls around security, privacy, confidentiality, availability and processing integrity.

An independent assessment is undertaken to:

Test management’s assertion over business processes and controls in the IT environment
Test business process and controls against specific attestation and agreed-upon procedures standards

EY’s approach assists companies with building stronger relationships with customers, investors, business partners and other stakeholders, by providing increased confidence in communications regarding internal controls. The increased confidence is provided through resulting assurance or attestation reports such as SOC1, SOC2, International Standard on Assurance Engagements (ISAE 3402) and others.
EY CertifyPoint is the global certification body for EY. As an accredited and independent certification institute, EY CertifyPoint can help organizations meet their basic requirements, as well as improve the efficiency and effectiveness of the business management systems. We keep the business at the center, identifying areas of redundancy, bottlenecks and potential efficiency gains by means of a systematic and independent certification approach aligned with recognized globally accepted standards.

We provide certification against ISO standards such as Information Security (ISO27001), Quality (ISO9001), IT Service Management (ISO20000), Business Continuity Management (ISO22301) and Environmental Management (ISO14001). Or we can help you assess your gaps and obtain the necessary readiness for certification. EY CertifyPoint also provides lead implementer and lead auditor courses, including certification of personnel for several ISO standards.
This service provides an objective assessment of the effectiveness of management and governance systems in terms of regulatory requirements and contracted services for outsourced business activities in an increasingly digitized, data-dependent and technology-enabled connected ecosystem.

We assist clients with conducting compliance assessments with respect to:

Specific laws and regulations applicable to the different lines of business, affecting both financial reporting and operations
General laws of the land of the country where the entity has operations
Internal company policies and procedures

Additionally, we create and deploy compliance management frameworks across different locations and business lines.
Here, we help enable contractual excellence and compliance by transparent contract steering, execution and monitoring while closing financial, contractual and operations “blind spots” in contractual relationships. Through our contractual compliance services, EY can help clients to improve contract management processes and systems, manage contract terms to achieve their desired outcomes, and improve supplier relationships. The service involves assisting clients with:

Understanding risk factors associated with each third party and contract type and to identify the areas of focus for the third-party audit plan
Performing agreed-upon procedures related to attributes of an organization’s client contracts; related contract systems, processes and controls; contract agreement structure; and a counterparty’s adherence to contract terms
Performing assessment services and providing recommendations in connection with a contract, a portfolio of contracts, related processes, systems and controls, and adherence to contract terms.

The Team

John Abbott

EY Global and EMEIA Technology Risk Leader

Transformational risk consulting and assurance leader. Globally minded. Strategic thinker. Passoniate about inclusivity in and outside of the workplace. Family first.

London, GBR

James Martin

EY Global Technology Risk Leader

Track record of leadership and innovation. Thought leader. Health fanatic (usually). Husband. Father.

Cleveland, USA

Our latest thinking

How can you turn digital risk into a source of competitive advantage?

In this transformative age, how risk is managed will become the key to unlocking the strategic upside of disruption.

Amy Brachio

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Insights

Trending topics

Spotlight

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Technology Risk

What EY can do for you

The Team

John Abbott

James Martin

Our latest thinking

Insights

Trending topics

Spotlight

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Technology Risk

What EY can do for you

IT Audit

Attestation

Certification

Third-party Risk Management

Third-party Risk Compliance

Contract Risk Management

Software Asset Management (SAM)

The Team

John Abbott

James Martin

Our latest thinking