Secure your operations

CRI helps you focus on strengthening your IT operations and growing your business.

A clear “picture” of today’s information technology (IT) landscape likely shows that organizations most often face the following challenges:

Although any of these items can happen in a flash, you can limit your organization’s exposure to these risks by working with the right IT auditing team.

CRI’s IT audits and assurance team has a proven track record of successfully angling clients toward their best sides. Our team evaluates, advises, and exposes our clients to a variety of IT security measures such as security procedures, internal control improvements, and user training programs. These measures enlighten our clients to reduced IT-related costs and increased transparency of IT operations. Our expertise in data security threats, privacy regulations, and security best practices results in unbiased recommendations for risk mitigation strategies designed to protect your company. The bottom line is that CRI’s IT audit and assurance team helps you focus your “lens” on strengthening your IT operations while growing your business.

Straight Talk 

Translating technical jargon into a plain English “text.” 
We are really starting to use ACH and wire transfers. We have very large payrolls and a lot of vendors to pay. I don’t understand how all of the details work and want to make sure we have good controls in place so our transactions are secure, complete, and accurate. Our bank says that they are, but they are also selling me the service. Should we consider third-party testing?
Yes, independent testing and verification is advised, and you are right to be concerned. Electronic banking and ACH payments are big targets for bad guys. About how many people are on your payroll? Also, about how many vendors do you pay?
We have approximately 300 employees plus 200 vendors.
OK. There are several controls that need to be in place and tested. The first is the security around your bank log-in credentials and transactions. When you log in to your bank, do you have a token with a number that changes pretty often and is required for you to complete an ACH?
No, we don’t. The bank tells me that I have a certificate on my workstation that keeps the transaction safe.
Well, that may not be as secure as we once thought. The latest “Trojan” software keeps every keystroke you make and every screen at which you look. Then it will “phone home” and let the bad guy know that the information is ready. As if that’s not bad enough, it then opens a remote control capability to let the hacker use your workstation and its security certificate.
So the cybercriminals could do an ACH or a wire transfer?
It’s possible. We recommend using a financial institution that requires true two-factor authentication for online banking.
What’s that?
The application requires two of any of the following to make the transaction more secure:
• something you know – usually the password,
• something you have – usually a token that is not on the device on which you’re completing the transaction, or
• something you are – your fingerprint, for example.

We also recommend that you set limits for the maximum amount of any single transaction.

It sounds like we should have you review our ACH and wire transfer processes. What else would you suggest?
We can absolutely do that review. Really, you’ll want to complete an IT audit to test all of those controls around the financial applications, such as access controls, segregation of duties, and the sensitive data those applications contain. An IT audit is often faster and more affordable than you think.
Great! Can you put together a quote to complete an IT audit for us?
Absolutely. I will give you a call to get the additional details for the quote.
William Stuart, IT Manager, National Security Group
“We began working with CRI’s IT team on SOX compliance almost 10 years ago. They had a great balance of IT and compliance knowledge and worked with us to design a compliance program around our existing processes. From identifying controls and mapping objectives to designing policies and building test plans, CRI helped us put in place a compliance program that has served us well for almost a decade. We continue to use CRI for our internal quarterly testing, and they have provided efficient service and sound advice throughout the years. CRI’s IT team has become an important partner and trusted advisor to our organization.”



Client SNAPshot

CLIENT: Entertainment facility with $1+ billion in annual revenues
SCOPE: Four engagements across three years
PROJECTS: Annual IT audit uncovered access control errors that could have allowed unlimited promotion awards.
RETURNS: Priceless identification and creation of internal controls to protect client. Controls now limit the total promotion dollars, as well as create the ability to track and detect fraudulent promotions.
Priceless protection

As a HITRUST CSF Assessor, CRI can perform assessment engagements for clients seeking HITRUST Validation or Certification reports. We can also assist clients with the adoption of the CSF framework, implementation, and remediation efforts following adoption. Visit the HITRUST Alliance website for more information.

Solutions Simplified

Down-to-earth descriptions of our services.

Business Continuity & Disaster Recovery

Every entity has some risk associated with the loss of its IT, systems, and automated business processes. Whether it is a pandemic disaster or a loss of a key IT component, entities need to be able to adequately and swiftly recover to full operations. Thus, organizations need to create business continuity and disaster recovery plans. But those plans are subject to risk — specifically, the risk of failure to recover successfully. Let our team of professionals help you develop and/or test those plans to provide comfort and assurance that your recovery — if needed — will be full and timely.

IT Audits

IT audits help organizations:

  • meet compliance requirements,
  • gain competitive advantages,
  • improve their security posture, and
  • obtain objective assurance about the IT environment.

Threats to and reliance on IT in today’s environment increase the need for all entities to conduct an IT audit. Our experienced, credentialed, and certified IT audit professionals can help you with these and other related needs.