The information technology and cybersecurity risk landscape continues to evolve dramatically for organizations.
Technology platforms have broadened to include collaborators and third-party vendors, as technology becomes an integral part of every organization. Simultaneously, information assets have become a key resource that organizations rely on to assess the needs of their various stakeholders and allocate resources to meet them. At the same time, cyberattacks (including ransomware and business email compromise) have increased in both frequency and sophistication, posing a threat that requires constant attention. Predictive intelligence is being leveraged to deploy attacks and broaden the reach across industries and organizations.
Engaging with industry-specialized IT audit partners that anticipate risks can:
- Play a critical role in strengthening an organization’s risk program, responding to emerging technology risks and improving the IT compliance and control environment
- Help identify, prioritize and mitigate risks at the intersection of IT and business processes
- Proactively monitor major changes to an organization and their IT road map
- Provide assurance that an organization’s IT risk management strategies and activities are effective and support the achievement of organizational goals
Baker Tilly IT audit professionals take a strategic, industry-focused approach, enabling board members and senior leadership to accelerate change that aligns with and supports the IT goals and objectives of the organization. We understand the magnitude of IT risks, and help our clients identify and focus on relevant and emerging risks at the strategic, operational, and business line levels for the enterprise.
Whether you seek risk assessment support, a co-sourced IT audit team, or a customized IT audit model, clients count on Baker Tilly for sound IT strategies, processes, controls and recommendations that further the organization’s strategic objectives.
Our transition to Baker Tilly caused minimal disruption. Since we’ve transitioned to Baker Tilly, the team has helped us rationalize our control environment, update process documentation and test the necessary controls.Internal audit client, CFO
Our IT audit solutions include:
Advisory
- Strategic IT advisory
- IT project implementation risk reviews
- IT risk assessments and framework maturity
- IT organizational effectiveness assessments
- End-user computing (spreadsheet) IT and data governance
- Resiliency – business continuity and disaster recovery planning
Assurance
- IT audit – risk assessment, outsourcing, co-sourcing, project specific support
- IT SOX – readiness, testing, controls optimization and rationalization
- IT regulatory compliance
Baker Tilly’s staff is extraordinarily professional and has provided our health system the highest level of service we have ever experienced from an audit firm.President and CEO
IT audit trends
This series highlights the top cybersecurity and IT audit trends that organizations are currently impacted by and the response mechanisms they can utilize to combat security threats.

Top five cybersecurity and IT audit trends that most impact an organization’s ability to respond to today’s challenges
New challenges and new considerations to old challenges are impacting organizations from an IT and cybersecurity perspective.

How to build an effective IT audit team during a time of skilled resourcing shortages
Explore strategies to staffing and building a high-performing IT audit team, including the advantages and benefits to co-sourcing.

The rise of proactive assurance, and why it's here to stay
Through proactive assurance, internal audit can add immediate and tangible value to an organization.

Elevate your cybersecurity program: Integrating program management and governance
Integrating program management with cybersecurity governance — through security by design, proof of concept validation, and continuous monitoring — can proactively strengthen resilience, reduce risk, and enhance organizational accountability.

Vendor-risk management: Evolving a healthy vendor ecosystem
How can vendor risk management help organizations build a resilient, well-balanced ecosystem that mitigates regulatory, operational and cybersecurity risks?
They are more than consultants. The Baker Tilly team raised the quality of our internal audit and risk management functions and helped us through the change management required to ensure success.Chief administrator and risk officer
Featured insights
By the numbers
Baker Tilly specialists have decades of experience serving organizations across industries (e.g., higher education, biotech, energy, financial services, research, real estate, healthcare, technology). They understand the challenges you face – governance, risk assessment (including taxonomy, risk register, frameworks), The Three Lines Model, analytics, monitoring and value-add reporting – so they know how information technology should and must operate in this environment. This matters when conducting audits, assessments and advisory work that provides recommendations to address and manage risk. Our team members are fully dedicated to IT audit, IT risk and cybersecurity.
Case studies
Health system strives to maintain data security working with Baker Tilly to conduct a HIPAA security risk assessment
Research university uses IT audit insights to fund network upgrades, expand IT/cyber team and create an IT governance function
Our professionals






























