IT Risk Assessment Services

In today’s dynamic technology environments, organizations are exposed to many security risks that need to be mitigated by implementing the appropriate level of internal controls. These controls are critical, and have two facets: design of controls and operating effectiveness of controls. In addition, organizations are required to comply with a variety of regulations, including: 


Compass' IT Risk Assessment methodology reviews your IT environment and identifies risks, internal control weaknesses, and gaps in controls. The Assessment then breaks down the probability and impact of individual risks, and maps those risks to specific compliance regulations and/or various IT security frameworks, such as COBIT, NIST, and ISO 27001/27002.

At the end of the engagement, Compass will develop a detailed written report that outlines the following:

  • Compliance requirement or security control in question
  • What your organization has in place compared to that compliance requirement or control objective
  • A risk rating that outlines the delta between the requirement and your current control
  • Clear, actionable remediation strategy to mitigate your risk

Whether you are trying to secure your organization's key systems as a best practice or comply with various federal/state/industry regulations, Compass will assist your organization in building a culture of security and complying with the regulations necessary for your business, all while helping you save time, money, and resources in the process. Contact us today to discuss your specific needs and learn more about how Compass can help!
