About Partners Contact Client Portal
LinkedIn Twitter
Services Industries Insights & Events Careers & Culture

Services

RubinBrown specializes in providing a comprehensive range of services to meet business and personal needs. Whether you require expert tax, strategic business consulting, audit services or more, RubinBrown's team of experienced professionals are here to support you.

View All Our Services
Assurance Services
Benefit Plan Audit Services Public Company Services SOC Examinations, IT Audit, & Third-Party Risk
Consulting Services
Business Process Improvement Services Business Restructuring & Bankruptcy Services Cyber Security Services Environmental, Social and Governance Services ERP & Enterprise Software Advisory Fraud & Forensics SOC Examinations, IT Audit, & Third-Party Risk Information Technology Services Litigation Services Mergers & Acquisitions Services Risk & Internal Audit Services Valuation Services
Entrepreneurial Services
Outsourced Accounting & Advisory Services
Tax Services
Federal Tax Services Private Client Services Credits & Incentives Services State & Local Tax Services
RubinBrown Advisors RubinBrown Corporate Finance

Industries

At RubinBrown, we bring experience across a range of industries. Our experience enables our professionals to offer tailored solutions catering to the intricacies of each sector. Our professionals have years of focused engagement and skills, allowing them to navigate industry-specific challenges to benefit our clients.

View All Our Industries
Colleges & Universities Construction Gaming Healthcare Law Firms Life Sciences & Technology Manufacturing & Distribution Not-For-Profit Private Equity Public Sector Real Estate Transportation & Dealerships

Insights & Events

At RubinBrown, we provide valuable insights detailing emerging trends and industry-specific information. Our events, hosted virtually and in-person, keep you informed and connected to the topics and industries that matter most to you and your organization.

View All Insights & Events
Jun 11

RubinBrown’s Leveraging Technology for Business Success

Learn More & Register
Jun 17

RubinBrown’s Rural Health Webinar Series

Learn More & Register

RubinBrown Sports Betting Index: March 2025 Analysis

Learn More

Tax Bill Watch 2025: Budget Resolution Compromise

Learn More

Careers & Culture

At RubinBrown, we are inspired team members, working as one firm, living our core values, and Being Our Best for Others while delivering totally satisfied clients. We invite you to learn more about the Firm's culture, the Be Your Best for Others mentality, and explore the available opportunities at RubinBrown.

Discover Our Culture
Baker Tilly International Campus Recruiting Diversity & Inclusion Experienced Recruiting RubinBrown Charitable Foundation Join The Team
Back to Consulting Services

SOC Examinations, IT Audit, & Third-Party Risk

Transformation of technology is moving faster than ever. Trust is becoming paramount and we have a deeply experienced team for you.

SOC Examinations, IT Audit, & Third-Party Risk

Transformation of technology is moving faster than ever. Trust is becoming paramount and we have a deeply experienced team for you.

ERP Security and Controls

SOC Examination Services

Vendor Management & Third-Party Assessment Services

RubinBrown helps manage your information technology (IT) risk so you can manage your business and transform technology into a competitive advantage.

The RubinBrown IT Risk Services team brings the latest tools and methodologies to help you so you don't have to build out the skill sets due to rapid changes.

Unlike many technology risk advisors, RubinBrown, also offers a full range of business consulting services. Drawing on financial, management and operational expertise, we help smooth the technology transformation with the depth and breadth of our resources.

As IT is leveraged to continually improve business performance, the business risk IT represents increases.

Frequently Asked Cyber Security & IT Audit or Risk Questions

  • We’ve been asked for a SOC report, what do we do now?
  • We are acquiring a new entity, what do we need to do to evaluate technology and security prior to acquisition or integration?
  • What should we do if our teams need help supporting the IT efforts for SOX or SOC requirements?
  • Can you help us assess our security posture?
  • How can we test security for PCI, HIPAA, NIST or insurance premiums?
  • We have to be SOX compliance, which includes IT controls, how do we start?

Service Areas & Trusted Reporting

The AI Health Check provides a comprehensive analysis of your organization’s AI systems to identify potential risks and vulnerabilities. The base of the AI Health Check is the NIST Artificial Intelligence Risk Management Framework (AI RMF). We will use the framework to compare your organization’s AI systems against a tailored version of the outcomes described in the AI RMF. The AI RMF can also be completed for organizations that have not implemented AI systems as a means to evaluate the current governance practices in place. We can also complete an AI Risk Assessment as part of the AI Health Check to assist organizations with identifying AI-related risks and their potential impact on the organization.

Governance-as-a-Service (GaaS) provides a comprehensive framework to help organizations develop, implement, and optimize their AI governance and risk management practices. We can assist organizations with AI policy and strategy development that aligns with established risk appetite and tolerance levels.
Strategy-as-a-Service (SaaS) is designed to guide organizations on their AI journey by delivering a tailored AI roadmap with strategic recommendations. We will assist organizations by helping align their AI strategy with business objectives and market opportunities.

System and Organization Controls (SOC) Reports, with a contributing author to various AICPA SOC guidance, which gives you a credible voice of reason.

  • SOC 1®: Attestation for service organizations relevant to user entities' internal control over financial reporting (ICFR).
  • SOC 2®, SOC 3® and SOC for Cybersecurity: Attestation relevant to security, availability, processing integrity, confidentiality and/or privacy.
Hands on assistance from prior military, law enforcement and security leaders to meet your protection and compliance needs.

The Cyber Security Health Check for Financial Institutions combines the NIST Cybersecurity Framework (CSF) with the latest guidance from the FFIEC IT examination handbook and common cyber security frameworks, such as the CRI Profile and CIS Controls. The level of controls in the assessment are customized based on your organization’s size, complexity, and risk profile/maturity.

In addition, we have implemented elements from the OCC Cybersecurity Supervision Work Program (OCC Bulletin 2023-22), updated FDIC Information Technology Risk Examination (InTREx) procedures (FIL-52-2023), and NCUA Information Security Examination procedures (CORE and CORE+) to ensure high risk areas for financial institutions are covered as part of the assessment.

Our standardized, risk-based approach allows organizations to better track progress over time and potentially reduce the examination time regulators need to spend in areas covered by the assessment. The methodology allows us to configure the assessment to match your individual requirements and maturity level.

We are here to help finance and IT groups before the audit process takes place. We are also here to help as your internal auditors. Our top-down, risk-based approach to system and process controls will help you take this area of work off your plate, using a team who has Sarbanes-Oxley (SOX) experiences.
As part of our Mergers and Acquisition Services, you can select customized analyses focused on security, continuity, and IT costs.
Providing the team to assess your vendors/business partners throughout your business lifecycle for the technology compliance you depend on.
Embedding risk assurance into bot or artificial intelligence development, as well as testing automated controls, will ease you into this transformative business change.
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Public Accountant (CPA)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+/Network+
  • Qualified Security Assessor (PCI DSS QSA)
  • Registered Professional Advanced (CMMC RPA) (consulting)
  • Certified CMMC Professional (CCP) and Assessor (CCA) (assessor)
  • Certified Cloud Security Professional (CCSP)
  • Certificate of Cloud Auditing Knowledge (CCAK)
  • Certificate of Cloud Security Knowledge (CCSK)
  • Certified in Risk and Information Systems Controls (CRISC)
  • Certified Ethical Hacker (CEH)
  • AWS Certified Security - Specialty
  • Certified Forensic Computer Examiner (CFCE)

Contact Us

IT Audit & Risk Services

Audrey Katcher, CPA, CISA, CITP, CGMA Partner audrey.katcher@rubinbrown.com 314-290-3420

Insights & Events

View All Insights & Events
Insight Article

Preparing for CMMC Compliance: Get Started!

Read This Article
Insight Article

Managing Business Email Compromise and Fraud Attacks

Read This Article
Insight Article

Application Situation: Third Party Patching

Read This Article

Be Your Best for Others at RubinBrown

At RubinBrown, our firm fosters a culture built upon five vision points, and are guided by our philosophy of Being Our Best for Others. Discover how you can be your best at RubinBrown today by visiting our Careers & Culture Overview for available opportunities and more.

Discover Our Culture

Join Our Mailing List

RubinBrown periodically sends breaking regulatory updates, technical summaries, industry-specific information and event (in-person and virtual) invitations through electronic newsletters.

Sign Up for Our Communications
1-800-678-3134 Certified Public Accountants & Business Consultants

Ranked a Top 50 Accounting Firm by Inside Public Accounting

Firm News Disclaimers Privacy Policy Client Payment © 2025 RubinBrown LLP
RubinBrown Executive Recruiting RubinBrown Advisors RubinBrown Corporate Finance