The adoption of new technologies also entails the introduction of a new type of risk, and organisations must therefore identify new control models to protect against the potential risks of data loss or violation, lack of interoperability between applications, and information system malfunctions. All these risks may have operational, financial or legal implications, and may cause reputational damage.

Our team of experienced Risk Technology consultants can help you meet the challenges of a business that continues to evolve and can provide you with the right tools and methodologies to best utilise and implement new technologies within your organisation. We understand the strategies, initiatives, processes and issues related to IT controls, cybersecurity, cloud, IoT, certifications and contractual compliance.

We offer a range of customised technology consulting services that will help you mitigate digital risk, in line with regulations and industry best practices, to help you navigate digital complexity.

RSM professionals can support you in multiple activities:

  • Identifying, managing and mitigating key technological risks in innovative ways, providing customised tools and methodologies
  • Supporting spending review and cost optimisation projects in the ICT and compliance fields
  • Providing assurance and reporting on financial reporting, the system of internal controls and compliance with key standards
  • Providing innovative tools for digitising processes to deliver products and services in new digital ways

Our Services

Our IT Governance & Risk services help organisations understand technology risks, including through the assessment of related controls, providing management with suggestions for defining and implementing effective controls.

Our methodologies involve assessing the structure of general IT controls in relation to the sector and context of the organisation, verifying their correct operational application through design and effectiveness analyses of the controls themselves.

We offer services for the various activities related to IT Governance & Risk:

  • Designing, auditing and evaluating the adequacy and effectiveness of general controls for information systems
  • Risk identification in information system management processes and assessment against international best practices (e.g. ISO 27001, ISO 27002, COBIT, ITIL)
  • Support in setting up ISO 27001 management systems and accompanying certification
  • Third-party audits, including SOC 1 or SOC 2 attestations according to international standards (e.g. ISAE 3000, ISAE 3402)

Our services help organisations establish a regulatory-compliant information governance framework that protects corporate data while mitigating the misuse of information, through the careful design of processes and procedures that provide people in your organisation with clarity about their data protection roles and responsibilities.

RSM can help you to:

  • Conduct assessments and audits to determine compliance with data protection requirements and assess the adequacy and effectiveness of privacy frameworks
  • Prepare and update data protection and data management policies and procedures, in line with best practices and standards in your industry
  • Carry out training and awareness-raising activities for all of the organisation's resources
  • Make recommendations in relation to the General Data Protection Regulation (GDPR)

For organisations, implementing or upgrading a management system (ERP) is a path of considerable complexity, with possible risks related to the information managed, and it calls for particular attention to the processes affected by the new system.

RSM professionals dealing with risks related to the implementation of management systems also have significant experience in the implementation, design and audit of ERP systems in different sectors and organisational structures.

Our knowledge, experience and methodology help us analyse your needs, providing support to verify that ERP solutions are tailored to your organisation.

We help you evaluate all strategic options, paying particular attention to the system integrator selected and the type of regulations applicable to your business environment (SOX, L262, GDPR, Tax regulations, etc.).

RSM can help you in several areas:


Project Management support during transformation projects (e.g. major and pervasive process changes, implementation of new systems). We act as an independent third party to monitor and mitigate project risks and enable you to effectively and efficiently achieve business objectives.


When choosing an 'out of the box' ERP solution, software houses are generally not responsible for the design of controls and the effectiveness of testing. With an understanding of your framework, specific controls and regulatory requirements, our job is to assess the control environment and design, review project documentation and identify control objectives and design them to be effective. We can also help you implement GRC tools to mitigate the risk of segregation of duty conflicts and assess the correct configuration of security controls and automatic "configurable" controls for major ERP applications.


When upgrading or changing an ERP system, significant differences emerge in the pattern of controls within the system itself. Automations that were previously present no longer function, or new functionality is now available but has to be configured as required. Our team can analyse your process and help you identify and design the new set of controls required and evaluate their configuration.


If resources or time constraints did not allow for the design of controls during implementation, or if unforeseen problems occur after go-live, we can assess both the design and operational effectiveness of controls. Using our tools, we quickly assess your environment to identify automated or security controls and recommend improvements and actions to remedy any deficiencies in risk mitigation.
