Today’s dynamically changing risk environment requires business leaders to be resilient. They must take a focused and targeted approach to managing and neutralizing risk within their IT environments, and meeting compliance requirements. Leaders must also have the agility to respond to the quickly evolving marketplace and business growth demands.
CohnReznick’s holistic technology risk solutions are tailored to address your strategic business drivers, emerging technologies, compliance needs, and the ability to “do more with less.” With a comprehensive view of the technology risk and extended environment, including vendors, the cloud and business partners, we offer an end-to-end suite of technology risk management services. Whether augmenting your staff or engaging on a specific project, our team of experienced and certified professionals delivers value-added services and seizes opportunities to share insights and help you develop a cohesive risk-aware culture.
IT audit, assurance, and compliance
- Compliance readiness and assessment – CMMC, DFARS, SCRM, FedRAMP, GDPR, PCI DSS, HIPAA, MAR, NIST, FISCAM, OMB A-123, FISMA, information assurance, SOC reports
- IT audit and assurance support
- Risk remediation and mitigation, including controls implementation
Technology risk management and transformation
- Technology risk governance and management
- Risk, process, and controls transformation and optimization
- Infrastructure and applications controls design and deployment
- Enterprise application security design and implementation
- Cloud risk strategy and security
- Emerging technology risk management – Artificial intelligence, machine learning, robotic process automation, blockchain solutions
- Vendor risk management process and security assessment and remediation
Governance, risk, and compliance (GRC) technologies
- Specialized GRC assessments
- GRC technology integration
- GRC technology functional support
Risk intelligence and automation
- Risk, process, and controls automation
- Risk quantification and financial impact
- Risk intelligence and monitoring
- Risk maturity ranking
InsightSEC proposes new rules on public company cybersecurity incident reporting, risk management disclosuresBhavesh VadhaniPublic companies could face a tight new timeline for disclosing material incidents, plus mandates to detail how they manage cyber risk. Read more.
InsightNew law requires ‘critical infrastructure’ organizations to report cybersecurity incidents, ransomware paymentsBhavesh Vadhani, Daryouche Behboudi, Deborah NitkaThe Cyber Incident Reporting for Critical Infrastructure Act requires certain entities to report attacks within 72 hours, ransomware payments within 24.
InsightFuture of cannabis – Cannabis Quarterly insights, Q1 2022Read our team’s perspectives on taxation, data strategy, and data privacy (including California’s CPRA) in CohnReznick’s CannaQuarterly newsletter.
InsightSEC proposes cybersecurity rules, incident disclosure for investment funds and advisorsIn addition to strengthening threat management, information protection, and other key areas, the SEC aims to boost board oversight. Read more.