Tags
Independent assurance & reviews
Consulting
Risk consulting
Technology & digital consulting
Digital transformation and AI
Risk & regulation
Strategy & operations +3
Organisations in Switzerland face growing pressure to manage cyber and technology risks effectively - from regulators, auditors, boards and increasingly from clients. Forvis Mazars in Switzerland provides cyber and IT risk management services covering FINMA-related audit support, Governance, Risk & Compliance (GRC) consulting, structured risk assessments and risk and control framework development aligned with NIST CSF, COBIT, ISO 27001 and CIS Controls.
How we support organisations with cyber and IT risk management
FINMA Regulatory Audit and Internal Audit Support
Regulatory audits in Switzerland - particularly those under FINMA oversight place significant demands on technology and cybersecurity governance. We support organisations with the planning, execution and documentation of external and internal audits, including FINMA regulatory audits and internal audit activities aligned with IIA standards. Our support covers quality assurance and audit reporting, helping organisations strengthen their control environments and maintain audit readiness in complex technology and cybersecurity contexts.
Cyber Governance, Risk and Compliance (GRC) Consulting
Many organisations have cybersecurity controls in place but lack the governance structures to manage them consistently. We help establish, develop and monitor Governance, Risk & Compliance (GRC) frameworks for cyber and technology risks, identifying applicable regulatory requirements, defining suitable control mechanisms and building processes that hold up under operational, audit and regulatory scrutiny.
Cyber & IT Risk Assessments
Understanding your risk exposure requires more than a checklist. We conduct structured cyber and IT risk assessments to help organisations systematically identify, evaluate and prioritise cybersecurity and technology risks. Using recognised methodologies, we develop risk profiles and practical recommendations to strengthen governance, improve security posture and support risk-informed decision-making at operational and leadership levels.
Risk, Control Framework Development and Review (NIST, COBIT, ISO, CIS)
A well-designed control framework is the foundation of a defensible cybersecurity programme. We support organisations in developing, implementing and independently reviewing risk and control frameworks against recognised standards - including COBIT, ISO 27001 and CIS Controls. Our focus is on control environment quality, governance maturity and alignment with regulatory requirements and industry practice.
How can organisations integrate cyber risks into enterprise risk management and internal control systems?
Cyber risks are often managed in isolation from broader enterprise risk and internal control structures which creates gaps in governance, reporting and regulatory defensibility. Effective integration means mapping cyber threat scenarios to business impact, assigning accountable control owners and connecting cybersecurity reporting directly to board-level governance processes. The result is a risk architecture that supports informed decision-making, reduces regulatory exposure and holds up to audit review.
Cyber and IT risk management covers the identification, assessment and treatment of cybersecurity and technology risks affecting systems, operations, governance and regulatory compliance. In Switzerland, organisations across banking, insurance, asset management and other regulated sectors are strengthening these programmes in response to evolving threats and increasing regulatory expectations.
When do organisations typically seek cyber and IT risk support?
Most commonly when preparing for FINMA reviews or internal audits, assessing technology and cybersecurity exposures, or improving governance and compliance frameworks. Support is also frequently needed during technology transformations, regulatory reviews or when existing control environments come under scrutiny from auditors or regulators.
Which organisations typically require these services?
Organisations in regulated or technology-intensive sectors tend to have the most pressing requirements including banks, insurers, asset managers, healthcare providers, manufacturers and technology companies. Many face simultaneous pressure from cyber threats, regulatory requirements and audit functions.
Which frameworks and standards are commonly applied?
NIST 2.0 CSF, COBIT, ISO 27001 and CIS Controls are the most widely used. In Switzerland, these frameworks are regularly applied to strengthen cybersecurity governance, improve control environments and support FINMA-related audit and regulatory requirements.
What does a cyber and IT risk assessment include?
A structured assessment typically covers cybersecurity threats, technology risks, governance structures, control effectiveness and potential business impacts. The output helps organisations identify gaps, prioritise risks and improve their cybersecurity and risk management capabilities in line with operational and regulatory requirements.
What is the role of GRC in cybersecurity?
GRC frameworks provide the governance and oversight structures needed to manage cyber risks systematically - covering risk processes, compliance management and control monitoring. In regulated sectors, a well-designed cyber GRC programme supports accountability, regulatory alignment and sustainable governance over time.
Certains de ces cookies sont nécessaires, tandis que d'autres nous aident à analyser notre trafic, à diffuser de la publicité et à offrir des expériences personnalisées pour vous.
Pour plus d'informations sur les cookies que nous utilisons, veuillez vous référer à notre politique de confidentialité.