When evaluating a target company, buyers must understand the target’s level of technology sophistication. GBQ’s IT risk advisory professionals assist clients in building and adapting risk management capabilities in times of significant expansion and regulatory change.


  • Development & assessment of IT risk based internal audit program
  • Information systems control reviews based on industry best practices
  • Assessment of IT compliance or readiness for Sarbanes-Oxley (e.g., SOX 404)
  • Compliance assessments for privacy requirements (e.g., GLBA and HIPAA)
  • SSAE 16 (SAS 70) audits and agreed-upon procedures
  • Internal control reviews of the platforms and applications supporting your key business processes
  • Network security/vulnerability assessments and penetration testing
  • IT organizational, platform, cost, and scalability analysis