Information & Technology Risk


Information & Technology Risk

Managing risk and uncertainty, from the boardroom to the network

To ensure future success, businesses need to be aware of all the risks that threaten their operations. Technology is a critical component of any operation and a key enabler for achieving business objectives. Awareness of technology risks and impacts is vital to making informed decisions and mitigating risk appropriately.

Getting controls right enables organisations to effectively manage risks and drive performance. It also keeps costs down, increases revenue, secures assets, and meets legal and regulatory compliance requirements, as well as the expectations of clients, partners and shareholders.

Deloitte service offering

Deloitte provides a broad range of services to respond to a fast-paced and ever-changing environment:

Deloitte's IT risk professionals help organisations deal with issues related to business process, technology, operational and financial risk. Our aim is to enable clients to measure, manage and control risk, thereby enhancing the reliability of processes and systems across the board.


Information Technology Audit
Evaluate the design and effectiveness of internal controls related to Information Technology through ad-hoc IT audits or assurance reports


Cyber Security Management
Bring information security under explicit management control through security transformation, security management and security operational assistance


Identity & Access Management
Bring Identity Relationships under explicit management control through solutions providing business alignment, risk mitigation and cost control


Business Continuity Management
Assist in organisation resilience by designing, implementing, maintaining and testing business continuity plans


De-perimeterisation Risk & Security
Address the challenges raised by de-perimeterisation and the move of IT assets, users and data outside the traditional network perimeter; includes propositions related to cloud computing and mobile devices/BYOD risk & security


Infrastructure and Operations Security
Defend against and limit the impact of a cyber attack through the evaluation, architecture and implementation of operational security processes


Vulnerability Management
Defend against and limit the impact of a cyber attack through security assessment and remediation of IT infrastructure, software applications and wireless/mobile devices, including intrusion testing/penetration testing


Incident Response & Forensics
Defending against and limit the impact of a cyber attack through readiness assessment and supporting response to security incidents, including computer forensics


E-discovery & Litigation Support
Assess readiness and assist in responding to requests in the field of electronic documents collection and processing during legal proceedings


IT Regulatory Compliance in Financial Sector
Assess compliance with IT related regulations of the financial sector and assist in remediation through compliance assessments, assisting in communications with the Regulator, and definition of Target Operating Models


Privacy & Data Protection
Enhance privacy & data protection processes and solutions through requirements rationalisation, risk analysis & gap identification, and data protection & privacy programs


CSSF 13/554
On January 7, 2013, the CSSF issued circular 13/554 entitled “Evolution of the usage and control of the resources access tools”.



Roland Bastin

Roland Bastin

Partner | Information & Technology Risk

Roland is a partner within the advisory and consulting department and joined the Risk Advisory practice of Deloitte in 2001. He is responsible for IT audit, IT security, IT regulatory compliance, Data... More

Stéphane Hurtaud

Stéphane Hurtaud

Partner | Information & Technology Risk

Stéphane is a partner within our Risk Advisory practice. He has over 21 years of experience in the IT risk, Information Security and IT audit fields, with a strong focus on the financial services indu... More

Maxime Verac

Maxime Verac

Senior Manager | Information & Technology Risk

Maxime Verac is a Senior Manager within Deloitte’s Information & Technology Risk services in Luxembourg. He has 10 years of experience in Information Security. During the last 10 years, as a consultan... More