Information Technology (IT) is becoming increasingly important to the business strategy, operations and internal audit of most organizations today. An increased dependency on technology to deliver meaningful benefits to an organization can raise additional issues of security, integrity and control. At GYR, we understand how vital it is to manage these business and regulatory concerns. Our IT Audit & Risk Advisory Services Group can help protect your organization’s information systems, ensure compliance with regulatory requirements and provide insights to leverage IT controls to reduce costs and gain competitive advantage.

Our IT assurance professionals have many years of IT control and audit experience which is complemented by professional accreditations, such as Certified Information Systems Auditor (CISA), Certified in Risk & Information System Controls (CRISC), Certification in Risk Management Assurance (CRMA) and Certified Information Technology Professional (CITP) and affiliations, including membership in the Information Systems Auditing and Control Association (ISACA).

Through our IT Audit Service Group, GYR can assist clients with a full spectrum of IT assurance services, including technical, operational and security audits. Areas of review include:

  • Internal/external information systems audits
  • Internet and firewall audits (VA/PT)
  • Network and data security
  • Computer security
  • Client servers, local and wide area networks
  • Information systems policies and procedures
  • Disaster recovery and business continuity planning
  • E-commerce initiatives
  • Data processing by third party administrators (TPA)
  • IT audits

The integrity of information management and delivery is mission-critical to the stability of each client’s business. Our IT assurance professionals can identify, evaluate and recommend solutions to mitigate system vulnerabilities and leverage operational efficiencies across a wide range of service offerings.

IT Audit Services

  • Type I – Description of Information Systems Controls
  • Type II – Test of Controls
  • Information systems general controls and application systems controls reviews
  • Technical infrastructure and operational practices review
  • Corporate internal controls and compliance

IT Security Review

  • Audit, control and security of systems
  • Audit, control and security of networks and firewalls
  • Protection of internet systems – web and email servers

Information System Management

  • IT due diligence in support of M&A, strategic carve outs and divestitures
  • Strategic management planning and organization of information systems
  • Risk assessments
  • Business process evaluation
  • Review of policies and procedures
  • Disaster recovery and business continuity planning
  • Security awareness training


  • Internet and e-business application review, evaluation and planning
  • Audit, control and security of e-commerce