IT Process and Controls Assessment Services

Most organizations today rely heavily on a mix of internal, third-party, and local electronic systems to deliver services and support to their customers. As a result, effective security controls are critical to ensure that the data contained within these systems is safeguarded and secured from unauthorized access.

The objective of this risk assessment is to assess the strength of the control environment and the adequacy of the related internal control framework in place over applications, both internally hosted and from third-party providers. Compass will use a multi-faceted approach that includes the following key tasks:

  • Site walkthroughs to evaluate IT infrastructure
  • Interviews with key stakeholders
  • Review of applicable policies and directives, along with components from generally accepted information technology (IT) governance frameworks such as NIST, COBIT, and ISO


  • Detailed assessment matrix that contains the reviewed controls, testing process, risks discovered and recommendations for mitigation
  • Executive Summary that will provide a high-level overview of the assessments, risks, and recommendations that can be shared with management or the board of directors
  • Data flow diagrams using Visio for all reviewed applications. Diagrams will be high-level and show flow from the user access point through to the application itself

Let Compass IT Compliance assist your organization in assessing any risks present through our IT Process and Controls Assessment so you can secure your information technology environment, comply with regulatory requirements, and save time, money, and resources in the process. Contact us today to discuss your unique situation. Secure. Comply. Save.