IT Advisory & Risk Assurance

In an era when technology has become essential to the running of almost every organisation, the slightest disruption to IT services can have catastrophic results.

RSM Belgium offer IT advisory services that can identify and manage the risks that your organisation faces. Our team is staffed with experienced professionals across all technology risk disciplines, including areas such as cyber security, information security, data analytics and social media. We have the knowledge and practical experience to help you to manage your IT risks before they become a problem. In addition to seasoned auditors, our team includes individuals from a practitioner background.

Among these are former network managers and technical IT security architects who now provide organisations with in-depth technical risk assurance solutions and advice. We pride ourselves on providing clients with genuine experts in their field, and have specialist teams in the following areas:




  • Data analytics and advisory
  • Information security
  • Cyber security
  • Privacy
  • Project risk assurance
  • Business continuity
  • Regulatory and compliance (for example SOX, ISAE 3402, PCI, DPA)
  • IT due diligence
  • IT strategy and service management
  • Cloud Advisor


Storing large amounts of information has become far simpler and easier in recent years. The skill is in leveraging mass data to gain new insights and ultimately drive growth. That’s where RSM’s wide range of data and IT advisory services comes in. Businesses looking for a competitive edge can take advantage of the increased ease in which large amounts of data can now be obtained and stored. Good use of data can lead to a deeper understanding of business processes, the workforce, supply chain management and even customer behaviour. Risk, compliance, and internal audit teams have found they can transform their practices using data analysis techniques, gaining insights into compliance issues, fraud and control breakdowns. RSM offers a wide range of services designed to ensure your data is complete and accurate, as well as advanced data analytics to help you drive new insights. Our team of analytics experts can tailor its services to meet your individual needs. We can help you with:

  • Audit analytics
  • Enterprise architecture
  • IT general controls
  • Application controls
  • Big Data and the Internet of Things


RSM’s specialist information security team has a wealth of experience in delivering advice and risk assurance as well as providing information governance solutions.

The need for information security underpins all IT systems, given the nature and volumes of data that such systems hold. We therefore believe that all organisations should consider information security a key ingredient of their corporate governance frameworks. Our proven assurance methodology focuses on the risks that matter. As a basis we use ISO 27001 framework combined with NIS T or MEHA RI to provide remediation where required. Our seasoned team has worked for many years in delivering risk assurance and IT advisory services.

We’re also experienced at developing and implementing information security solutions for our clients. This means we can offer you practical, tried-and-tested advice which is underpinned by a modern, leading edge methodology.

  • Information risk identification
  • Information security assessment
  • ISO27001 compliance assessment
  • ISO27001 implementation and certification guidance
  • Information security programme management
  • Internal audit services


Nowadays, cyber security threats can occur from both in and outside organisations. Statistics show that 80% of irregularities and fraud are still coming internal lack of control. However, the impact of external threats tends to be much bigger and the continuity of your organisation might be at stake. Therefore, it is crucial to start working on the vulnerabilities you currently have to minimise any future risks. Based on the three lines of defence in cybersecurity Assurance, RSM can guide you from a current state assessment to the complete implementation of a cybersecurity programme. Our cyber security services guarantee you the perfect integration of the different domains in order to avoid double or counteracting measures.

  • Cybersecurity assessment
  • Cybersecurity programme management


With the European General Data Protection Regulation (GDPR), privacy has become a top corporate concern. These new privacy regulations, the required reforms, new technologies and associated risks form new challenges for management.

RSM can provide you with the necessary knowledge and expertise to face those challenges head on. For companies that manage large amounts of personal information, privacy management is vital to mitigating security risks and protecting the identities and personal information of all stakeholders. We offer:

  • Define information flows
  • Data classification processing
  • GDPR compliance assessment
  • Provision of data protection officers
  • GDPR compliance programme


There are many laws and regulations that have an IT impact. RSM professionals have the expertise to translate legal requirements into pragmatic IT measures. To give some examples: Sarbanes-Oxley, ISAE 3402 type I and/or type II assessments and implementations can be coached or completely executed by our specialist teams.


When discussing Project Assurance services, there are different levels to consider. The GRC level services define the standards, communication lines, organisation and dispensation of all projects. This might be specified into portfolio and/or programme management rules. The difference between those two is that a portfolio is defined as a set of projects, whereas a programme is defined as a set of projects with the same strategic goal.

On a management level, we can assist you in project / program management processes. We have the expertise to implement project methodologies such as PMBOK or Prince2 and define System Development Life Cycle (SDLC). We can also change management processes or deliver program management skills. We offer expertise in:

  • Investment management
  • Project administration
  • Project risk management
  • Issue management
  • Assumption management
  • Change management
  • Progress management
  • Project audit
  • Quality assurance

These are the processes that should be looked at when discussing programme management office processes. However, all these processes can be considered separately. Often, large projects are completed with the assistance of a project risk manager. Although the pure project management role is not the key focus of RSM Project Assurance, the risk manager surely is.


Business continuity is the ability to maintain essential business functions during, as well as after, a disaster. Business continuity planning establishes risk management processes and procedures. They aim to prevent interruptions to mission-critical services and re-establish full function to the organisation as quickly and smoothly as possible. Disaster Recovery is one of the sub-processes of BCM and encompasses the recovery of IT systems and operations. RSM professionals can help you with:

  • ·         Business impact analysis
  • ·         Disaster recovery plan
  • ·         Business continuity plan
  • ·         Business continuity management


RSM Belgium’s IT due diligence service covers the effectiveness and resilience of core IT systems and operations. It also seeks to provide insights into the scalability and extensibility of technology usage in the target entity to support future growth plans.

A rigorous IT due diligence can be critical in a deal situation. With the increased reliance of all businesses on technology, the importance of assessing the target’s strengths and weaknesses in its use of IT is greater than ever. Our service covers the effectiveness and resilience of core IT systems and operations, but also seeks to provide insights into the scalability and extensibility of technology usage in the target entity to support future growth plans. Whether on the buy or the sell side, our experienced technology consulting team can provide assurance and advice on the strategic opportunities that IT offers, as well as any underlying risks. Our core IT due diligence service covers:

  • IT infrastructure, networks and systems
  • IT governance and controls
  • IT continuity and disaster recovery arrangements
  • IT skills and staffing, including third party arrangements

Our extended IT advisory services also address the question of how technology can support and drive the target’s business growth plans – for example through new channels, the addition of new products or services, or growth into international markets.


Every organisation relies on IT systems. RSM professionals can assist in defining IT as an enabler for your organisation and translate your business strategy into a future-proof IT strategy. Our IT advisory services deal with technological aspects such as networks, systems, applications and governance aspects such as service management, project management, security and HR.


The shift from traditional ‘on-premise’ IT to technology services delivered via the internet represents the biggest change in corporate IT since the introduction of the PC. And it’s here to stay. We can help you make the most of what the cloud has to offer. More and more SMEs and midmarket organisations are replacing their physical servers and systems with IT services delivered via the cloud. Moving to the cloud can bring big advantages. These include:

  • Spreading IT investment costs;
  • Better flexibility; and
  • Allowing management to focus on the core business instead of maintaining IT systems.

But the cloud offers a diverse set of IT services and it’s important to understand what you are looking for and which providers meet your needs. It is also critical to conduct full due diligence on cloud suppliers before making any commitments. You need to know, for example, that there will be mechanisms in place to allow you to retrieve your data should the supplier cease trading. The range of cloud services available include:

  • Software-as-a-Service (SaaS), such as NetSuite or
  • Infrastructure-as-a-Service (Iaas), such as Amazon Web services or Rackspace
  • Business Process-as-a-Service (BPaaS);
  • Managed desktop
  • Unifiedcomms

RSM can help you navigate the complexity of the cloud, understand what services are right for you, identify potential suppliers, help you select the right ones for your business and help ensure a smooth migration from your legacy IT to the cloud.

Working closely with our colleagues in IT advisory, fraud risk services and consulting, we’ll tailor our integrated service to your needs.


To find out how RSM’s IT assurance team can help your organization manage its technology-related risks, please contact

Steven Vermeulen : +32 (0)3 449 57 51



Link to profile






Please feel free to consult our general sales terms and conditions for providing services : General terms & conditions


Our Newsletters