Information Technology Consulting

We operate in an era where the average reported loss due to cyber crime is over $300,000*. Considering the potential for significant embarrassment and internal turmoil, and the penalties for non-compliance with laws and regulations, the need for an Information Technology Business and Security Strategy has never been greater.

The Bonadio Group’s Information Technology Consulting services are designed to help our clients maintain confidentiality, integrity, and availability of data, assets, and infrastructures. We also assist companies in complying with the ever-growing myriad of federal and state regulations relating to information security and data protection. We perform physical, administrative, and technical security reviews; conduct data and infrastructure security assessments; support internal audit departments; and have a wealth of experience in policies, procedures, and controls authoring and compliance management.

Our technology consulting staff has an extensive background in assessing, auditing, testing, and reviewing controls, as well as remediation, penetration, and vulnerability assessment. We perform this work for clients that range from small to those with SAP, Oracle, and ERM applications. We hold advanced management degrees and maintain dozens of certifications, including HIPAA Privacy and Security compliance, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), GIAC PCI Auditor, Certified Fraud Examiner (CFE), Business Continuity Planner (CBCP), and Certified Ethical Hacker (CEH), among others.

We are also a voting member on the Healthcare Information Technology Standards Panel of the American National Standards Institute (ANSI) and contribute to the process of defining interoperability standards for Electronic Medical Records and e-prescribing.

Services offered through The Bonadio Information Technology Consulting Group include:

Infrastructure Risk Management

  • Internal and External Audit
  • IT Security and Business Reviews, Assessments & Audits
  • Strategic Technology Assessments
  • Fraud and Illegal Acts
  • C3 - Conscious-Consistent-Controls Practices

Security Services

  • Regulatory Compliance
  • Segregation of Duties Assessments
  • Penetration/Vulnerability Testing
  • Social Engineering - Physical, Administrative, and Technical
  • Awareness Training
  • CIA - Confidentiality, Integrity, and Availability Audits

IT Software Consulting

  • Accounting Systems Analysis and Design
  • Cross Industry Decision Support Systems
  • Accounting Software: Sales, Installation, Training, Support

IT Managed Services

  • CISO in a box
  • Strategic Planning
  • Project Management
  • Steering Committee Advice

Law, Regulatory, and Standards Compliance

  • SAS70
    • Type I
    • Type II
  • Review, Assessment, and Audit in
    • PCAOB
    • CoBIT/COSO/SOX404
    • FTC/GLBA
    • HIPAA
    • FISMA
    • FERPA
    • State and Federal Privacy Acts
    • Bank Secrecy Act
    • FFIEC
    • NCUA
    • PCI DSS
    • ISO 17799
    • Medicaid
    • and multiple other federal and state regulations

Business Continuity/Disaster Recovery

  • Business Impact Analysis
  • Reviews
  • Assessments
  • Audits
  • Continuity Planning


For more information on Bonadio Information Technology Consulting services, call us at (800) 487-7624 or contact us.


* According to the 2007 CSI/FBI Cyber Crime Survey


The Bonadio Group is the largest independent CPA firm in upstate New York, providing accounting, tax, business advisory, and financial services.
With offices in Rochester, Buffalo, Syracuse, Geneva, and Perry, we serve the needs of commercial, small business, public, not-for-profit, and individual clients.