Compliance and Audit Support
Many organizations do not have the in-house expertise or staff compliment to provide audit comfort around cyber security initiatives within their organization. With increasing pressure from risk and audit committees wanting to understand the cyber security health of their environments, it is important to have this capability on hand.
We provide full cyber security audit support including:
- Control matrix development based on recognized standards
- Audit prioritization based on risk
- Maturity assessments
- Full control testing
- Technical testing of operating systems, network infrastructure and supporting systems
- Vulnerability and penetration testing assurance
- Cyber security management and risk assessment reviews
- Regulatory Compliance Audits (OSFI, SOX, NERC CIP, PIPEDA, FIPPA, etc.)
We have certified information systems auditors (CISA) with previous experience working in the Big 4 accounting firms on staff and have provided audit services to a wide range of clients in the public and private sectors across the country.
We understand risk and how it links to controls and the reports we write contain both technical details to understand and address the issues, but also executive level summaries that clearly identify the risk to business in plain and simple terms.