IT Audit and Consulting Services

Information technology controls should support and enable business objectives — not hinder them. Because organizations have unique characteristics and varying degrees of risk tolerance, there is no one-size-fits-all solution. At KraftCPAs, we help clients assess risks to their information systems and implement controls to mitigate risk based on their tolerance level.

Because of our team’s extensive IT internal audit experience, clients often turn to KraftCPAs to provide the hard-to-find technology and IT audit expertise that is typically not available or easily retained in most organizations’ internal audit departments.

KraftCPAs’ IT risk assessment procedures are designed to accommodate the objectives of the company and any applicable regulatory agencies. The security of your information systems is a crucial component of IT risk and is key to protecting your company and your customers.

Our Approach

• Enterprise-wide in scope (covering management, technical and operational controls)
• Based on a documented risk assessment
• Includes analysis of controls, policies, procedures and security measures
• Customizable to meet your needs

Our Services

Our team provides a variety of IT audit and consulting services, including:

• IT risk assessments and audits
• IT general and application control reviews
• Information security audits and assessments
• Network and cybersecurity
  • Network vulnerability testing
  • Penetration testing (external, internal, wireless, web application)
  • Social engineering
• HIPAA, HITECH, and HITRUST compliance assessment
• IT policies and procedures review and assessment
• Payment card industry (PCI) DSS compliance reviews
• Governance risk management and compliance (GRC)
• Enterprise risk management (ERM)
• Data analytics and analysis, in partnership with affiliate Kraft Analytics
• FFIEC audits
• Business continuity and disaster recovery plan facilitation and testing
• FISMA, NIST, ISO 27001 compliance assessments