IT Audit Services

We perform IT security audits for our clients that examine the management controls within the Information Security Management System (ISMS) according to the ISO 27001 standard. The evaluation of the evidence obtained determines whether the information systems are safeguarding assets and maintaining the confidentiality, integrity, and availability of data within the scope of the ISMS, and whether IT security controls are operating effectively to achieve the organization’s stated goals or objectives.

Brier & Thorn helps its clients accomplish their objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of IT risk management, control, and governance processes surrounding the scope of the ISMS. Our auditing services act as a catalyst for improving our clients’ governance, risk management and management controls by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, our advisors provide value to governing bodies and senior leadership as an objective source of independent advice.

The internal audit needs of each client are unique. Due to demand for a high level of service and expertise, many organizations prefer to have our ISO 27001 certified lead auditors meet all of their internal audit needs under a continuous, full-service outsourcing arrangement. Under this arrangement, our auditors report to the client’s audit committee and an appropriate corporate officer in order to assure the proper degree of objectivity and independence.

A COMPARATIVE ANALYSIS OF THE NUMEROUS IT RISK ASSESSMENT MODELS

Deconstructing the different risk assessment models that can be used in performing IT risk assessments.

THE ISO 27001 ASSET REGISTER

Understanding how to create and manage an ISO 27001 Asset Register, what goes in it, and why.

Background

Our internal audit methodology is used completely or in conjunction with a client’s existing methodology as the framework to build, execute and track a risk-based internal audit plan. This plan assists the client with managing process and technology risks and efficiently integrating technology within critical business processes. These services can help our clients better understand and monitor the performance of core operations and support functions, as well as ensure the proper level of control.

Our internal audit services provide the following benefits:

  • Assurance to external parties and compliance with applicable laws and regulations;
  • A completely independent process, and information technology (IT) internal audit sourcing capabilities that use industry leading practices;
  • Deep technical and analytical skills related to core process and related control assessments;
  • Elimination of time and cost associated with sourcing, hiring, training and retaining skilled personnel in noncore competency areas; and
  • Management’s ability to focus on more strategic initiatives, improving resource utilization.

Summary

In today’s rapidly evolving technological environment, a trusted advisor – one who not only provides relevant insights, but delivers a combination of strategic vision, proven expertise and practical experience – can enhance the value of your business with technology.

Our risk advisors help CIOs and IT leaders design and implement advanced solutions in IT governance, security, data management, applications and compliance. By partnering with us, our clients perform with the same focus and excellence with which they manage day-to-day business operations. We work with clients to address IT security and privacy issues and deploy advanced and customized application and data management structures that not only solve problems, but add value to their business.

Brier & Thorn’s advisors partner with our clients’ senior leadership to ensure that risk is appropriately considered in the strategy-setting process and is integrated with performance management.

Too often, risk is an afterthought to strategy setting and risk management is an appendage to performance management.  Recent events have reminded our clients that a comprehensive view of their risks is no longer a luxury, but a requirement, so that they can provide the appropriate incentives and controls to counter the potential for individuals to discount risks that are significant to their organizations.

Our advisors assist clients with implementing a practical approach to IT risk management that is integrated with existing management processes, with the goal of providing an enterprise-wide view of risk, improving information for decision-making, reducing the risk of costly surprises and positioning risk management as a differentiating skill.  We work with companies to design, implement and maintain effective capabilities to manage their most critical risks and address cultural and other organizational issues that can compromise those capabilities.  We help them evaluate technology solutions for reliable monitoring and reporting, and implement new processes successfully over time.

Our professionals help our clients develop, implement and maintain effective regulatory compliance programs that maximize the benefits of their investment and protect their reputations.

Today’s organizations face unprecedented challenges in managing risks and complying with laws, regulations and internal policies in a cost-effective manner. The costs of regulatory compliance are rising globally and, by some estimates, U.S. companies spend more than $1 trillion annually. Yet, the cost of non-compliance can be the loss of an entire enterprise.

We work with clients to identify, assess, and manage risks related to compliance. We take a holistic view of the organization when creating compliance solutions. Our experts have worked with clients around the world to align compliance and business strategy, integrate multiple compliance initiatives, improve technology infrastructure, implement technology software and controls, and create effective communication programs.

Client Results

We share our clients’ ambitions working to understand their reality and deliver true results – focusing on strategic decisions and practical actions. We align our incentives with our clients’ objectives so they know we’re in this together as a closely-held partnership.

Badger Meter secures smart meter SaaS platform with help from Brier & Thorn in development of new ISMS, ISO 27001 certification, and SOC 2 Type 1 attestation

Badger Meter strengthens IT security by retaining Brier & Thorn to build new ISMS, later receiving ISO 27001 certification and SOC 2 attestation.

Nationwide debt collection and cashflow management company meets PCI compliance and builds consumer confidence through new ISMS

In its recent divestiture from Expert Global Systems, Transworld Systems Inc retains Brier & Thorn to build new ISMS, create new cardholder data environment, and perform threat management services to help the company demonstrate PCI-DSS 3.1 compliance as well as move towards ISO 27001 certification and SOC 2 compliance.
