Cyber & Technology Risk

Audits, particularly FINMA regulatory audits and internal audit support
Governance, Risk & Compliance (GRC) consultancy for cyber risks
Conducting cyber and IT risk assessments
Development and review of risk and control frameworks (NIST, COBIT, ISO, CIS, etc.)

Support for external and internal audits (FINMA, IIA)

We assist you with the planning, execution and documentation of audits, with a focus on FINMA regulatory requirements. We also offer comprehensive support for internal audit functions, including audit execution, quality control and the preparation of audit reports.

Governance, Risk & Compliance (GRC) consulting for cyber risks

We advise you on establishing, developing and monitoring your governance, risk and compliance structures in the field of cybersecurity. This includes identifying relevant regulatory requirements, defining suitable control mechanisms and developing sustainable GRC processes.


Conducting Cyber & IT Risk Assessments

We carry out structured risk analyses to systematically identify, assess and prioritise cyber and IT risks. Using recognised methodologies, we create risk profiles and recommendations for action to strengthen your security posture in a targeted manner.

Development and Audit of Risk & Control Frameworks (NIST, COBIT, ISO, CIS, etc.)

We support you in the design, implementation and independent auditing of risk and control frameworks in accordance with international standards such as NIST CSF, COBIT, ISO 27001 or CIS Controls. Our focus is on ensuring an effective control environment that optimally meets regulatory requirements and best practices.

How can we integrate my cyber risks into an overarching risk management and internal control system?

Cyber risks should be embedded into your enterprise risk framework by aligning threat scenarios with business impact, defining clear risk ownership, and linking security controls to your internal control system. Integrating cyber risk into executive reporting enables leadership to make informed, risk-based decisions while ensuring regulatory defensibility and operational resilience.
Cybersecurity specialist managing servers in a secure data centre environment.

How can we integrate cyber risks into our enterprise risk management (ERM) and internal control system (ICS)?

We embed cyber risks directly into your existing ERM and ICS structures by mapping threat scenarios to business impact, defining accountable control owners, and aligning reporting with executive governance. The result is a defensible, audit-ready risk architecture that enables informed decision-making at board level while reducing regulatory exposure.

More information?