SRA’s Information Technology and Security Practice is designed to support Banks and the Financial Services Industry with various technology opportunities and challenges. Leveraging extensive technology experience and leading practices, SRA develops and implements practical solutions tailored to the Organization and its culture.

By using SRA, the Organization obtains the support of experienced bankers and IT professionals with deep technical, security and control experience capable of providing independent assessments, creating actionable strategy and implementing solutions that provide immediate value. The SRA team advises executives on developing innovative processes and solutions in analytics, cybersecurity, privacy, counter fraud & forensics, enterprise risk, audit, compliance, mobility, cloud, and others to effectively manage the content and data needed to run the business, monitor transactions and mitigate risks.

The SRA Information Technology and Security Services team is experienced and prepared to assist client organizations with the challenges associated with the effective management of technology to mitigate threats and risks. SRA works with clients to assess, design, develop and implement a broad array of internal controls tools and technologies to manage and protect the organization.


Our services include:

IT Strategy and Governance

  • Assess and develop IT strategy and alignment to overall company objectives and regulatory requirements.
  • Perform independent and comprehensive evaluations of existing technology governance including policies, standards, procedures and processes.
  • Facilitate the development of new IT governance or strengthen existing documents ensuring that they incorporate regulatory and best practices such as FFIEC, Sarbanes-Oxley, ITIL, FISMA, COBIT, PMBOK, SANS, PCI, FIPS, ISO and others.
  • Provide guidance and assistance for strategy, development, maintenance and periodic review of technical governance documents (e.g., data standards, operational processes, project management, change control, and others).

IT Regulatory Compliance

  • Address IT regulatory requirements, identifying IT compliance issues, interacting with regulatory authorities, and responding to inquiries, investigations, and other regulatory actions.
  • Assess, develop and implement internal strategies for compliance through the development of governance, performance of periodic self-assessments and continuous monitoring and remediation.
  • Provide regulatory assessment services of IT environment and recommendations for improvement.

IT Internal Audit

  • Provide support for technical audit reviews including risk assessment, audit scope, audit program development, plan development, audit performance and reporting.
  • Perform or facilitate assessments and audits of IT pre- and post-implementation, application, operating system, database, network, IT infrastructure, process and hosting services.
  • Assist with efforts to manage and evaluate remediation efforts ensuring that effective and timely corrective actions are properly implemented and supported through governance and training.

IT Operations, Process, Readiness and Remediation Strategy

  • Assist with IT organization design and process mapping to improve the effectiveness and efficiency of IT processes that incorporate cybersecurity and audit related control requirements.
  • Establish control objectives for the IT organization, develop methodology for control self-assessments, perform periodic reviews and report results to management.
  • Assist with or perform periodic readiness assessment and remediation actions to ensure that regulatory requirements and best practices asserted by the IT organization are properly and effectively followed.
  • Develop reporting methods to management and provide recommendations for corrective action and training where necessary.

Cybersecurity Strategy and Privacy Services

  • Assess, develop and implement sustainable strategies, programs and technologies for managing organizational, data, application and infrastructure cyber risk.
  • Provide technical services such as security operations, vulnerability assessment, attack and penetration and others to address threats and risks to the organization.
  • Perform security risk assessments and identify opportunities for improving governance and controls designed to prevent, detect and correct security and privacy vulnerabilities.

GRC and ERM Solutions and Risk Systems Strategy, Design and Implementation

  • Design, develop and implement a strategy for managing governance, risk and compliance data.
  • Assist with the design, implementation, training and use of the GRC and ERM tools (SRA’s ERM Watchtower, etc.).
  • Provide periodic independent assessments of risks identified and control compliance asserted by the IT organization to ensure proper use of the GRC and ERM tools.

IT Risk Reporting and Analytics Systems Strategy, Design and Implementation

  • Develop strategy for reporting and analytics and the design and implementation of processes and technologies supporting the organization’s risk management program.
  • Collect and analyze risk data to provide intelligence as to complex risk exposure reporting utilizing advanced modeling and data analytics capabilities.
  • Leverage SRA partner products to manage data analytics and management reporting.

Fraud Prevention and Detection

  • Design, develop and implement a program for preventing, detecting and evaluating potential fraud related transaction activity within the organization.
  • Establish a process for continuous monitoring, reporting and action to address suspect activity.
  • Leverage SRA partner products to manage data analytics and management reporting.

Benefits of SRA’s Information Technology and Security Services Practice

Leverages the knowledge and expertise of SRA’s professional staff, who have deep knowledge and experience in information technology, security, the Financial Services Industry, regulatory compliance and internal control.

Addresses key areas of IT compliance and leading practices for the Organization’s IT operation preparing for internal assessment and external reviews performed by regulatory and external audit entities.

Facilitates efforts to perform independent and objective assessments designed to identify action plans for establishing internal control and mitigating risks and vulnerabilities.

Identifies opportunities for improving overall effectiveness and efficiency of technology, security and IT controls across the organization to manage the content and data needed to run the business, monitor transactions and mitigate risks.

Establishes a framework for performing periodic risk self-assessments and ensuring compliance with regulatory requirements identifying opportunities and sustaining leading practices adopted by the IT organization.

Develops expectations and promotes a culture of awareness and compliance throughout the IT operation.

Results in increased awareness of technology and security issues and periodic management reporting that communicates risks, results, challenges and opportunities for improvement.