IT Risk Management
In a rapidly changing IT environment, it is not always easy to determine where to start when identifying risks. This is where we provide effective support. Our service is designed for those who want to take the first conscious steps toward managing IT risks or gain a comprehensive and realistic overview of the risks affecting their organization.
Relying on internationally recognized frameworks (ISO, COBIT, SOC2, SOX), we identify real threats, assess existing controls, and highlight actual gaps. This supports informed decision-making while saving time and effort, especially when responding to partner questionnaires or preparing for audits (such as Segregation of Duties audits).
The action plans we develop together are practical, realistic, and aligned with actual risks. Our goal is to help you understand your organization’s IT risk readiness and establish a solid foundation for confident, up‑to‑date operations, whether to meet internal expectations or external partner requirements.
Who do we recommend it for?
- Company executives
- IT Managers
- Heads of Internal Audit
What do we do?
1. Threat assessment based on the selected framework
- Processing partner questionnaires
- Pre-audit risk assessments
- Risk analysis prior to system or application implementations
- Business Continuity Planning (BCP), Disaster Recovery Planning (DRP) and Business Impact Analysis
2. Control assessment
- Segregation of Duties (SoD) audits (e.g. based on ISO or SOX frameworks)
- Authorization reviews
3. Residual risk determination
4. Development of action plans and support for their implementation
Why is it useful?
Achieving business objectives requires management to be aware of the risks that may hinder (or support) those objectives, as well as the available risk treatment options.
Based on the selected risk management framework (e.g. ISO 31000, COSO, COBIT 5), we identify inherent risks and assess relevant controls, making visible those risks that truly require attention.
We support the design and implementation of action plans aimed at reducing identified risks. There is no 100% security; the goal is effective, risk‑proportionate protection.