Back To Top

IT Audits

Grow Confidently

Whether you are being driven by regulatory requirements, or are just concerned about proper governance over your internal controls, we can design a level of service to fit the needs of your institution.

YHB’s Risk Advisory Services Team includes Certified Information Technology Professionals (CITPs) and Certified Information Systems Auditors (CISAs), as well as CPAs. Also, all team members are focused on auditing, testing and consulting on internal controls and information technology systems for clients, which range from startups, family businesses and healthcare organizations to franchisors, community banks and large public companies.

As a result, YHB offers a depth of expertise and understanding that enables us to provide an exceptionally high level of service scalable to your particular needs. This translates into the peace of mind of knowing that your systems and controls are fully documented and in tip-top shape.

Information Technology Services:

  • IT Audits (SysTrust & COBIT)
  • Business IT Evaluations
  • Sarbanes Oxley (404) Testing
  • Vulnerability Assessments
  • Social Engineering

Compliance Services:

  • ACH Compliance Audits
  • Investment Adviser Custody Examinations
  • GLBA Examinations
  • HIPPA Compliance Examinations
  • Service Organization Control (SOC)

Other Services:

  • Security Assessments
  • Business Continuity Consulting
  • Computer Forensics
  • IT Governance Consulting
Let's Talk

Contact us when it’s time to move forward.

Brad Brosig
X
Brad Brosig
CISA
Connect:
Industries
About Brad

A Western Pennsylvania native, Brad graduated from Indiana University of Pennsylvania in 2014 with bachelor’s degrees in both Accounting and Management Information Systems. He joined YHB that same year, spending the next five years focusing on the financial services industry by conducting internal and external financial audits, FDICIA/SOX compliance, IT audits, and ACH audits.

In 2019 Brad became a Certified Information Systems Auditor and shifted to focusing exclusively on IT-related auditing and consulting services, including the addition of vulnerability assessments, penetration testing, and SOC auditing to his repertoire. Brad’s primary goal is to help his clients find ways to control risk in an uncontrollable and risky world. He regards every engagement not as a transaction, but as a partnership, with his clients’ interests at the forefront. His primary goal was not just to deliver cutting-edge solutions, but to empower his clients with the knowledge and strategies to navigate the volatile landscape of IT risks confidently.

 

·   ·   ·   ·

 

What Clients are Saying

 

“Bryan Newlin, Brad Brosig, and their team have always been very knowledgeable and have provided excellent recommendations. Even outside of audit periods we are able to ask them questions and a response is always quick and informative.” – Anonymous

Mike Janelsins
X
Mike Janelsins
MBA
Connect:
Specialties
ABOUT MIKE

Mike Janelsins serves as an Audit Manager on the Risk Advisory Services team, joining YHB in 2023. He brings over 17 years of experience, specializing in SOX/Internal Controls, Internal Audit, and Enterprise and Operational Risk Management services. Mike holds a degree in Accounting from the University of North Carolina at Wilmington (2005) and earned an MBA from the University of Baltimore in 2010. 

Mike leverages his extensive background and expertise in risk and audit management to provide clients at YHB with tailored solutions and insights, optimizing their processes.

Bryan Newlin
X
About Bryan

Bryan began his career with YHB in 2005, and has been a key leader in YHB’s respected Risk Advisory Services practice since 2007. Focusing attention on two of the most well-known technology internal control frameworks –the AICPA’s Trust Services Categories and ISACA’s COBIT® framework —Bryan works across industries to help clients identify and mitigate information & technology risk.

Expertise

Bryan leads the Firm’s SOC Examination Practice with specialty niches in business process outsourcing companies, contact centers, media and communications companies, and cloud-native applications. SOC Examination specialties include:

  • SOC 1 for Service Organizations: ICFR
  • SOC 2 for Service Organizations: TSC
  • SOC 3 for Service Organizations: TSC for General Use
  • SOC for Cybersecurity

Bryan also leads the IT Audit, ACH Audit and Vulnerability Assessment segments of YHB’s Financial Services Industry team, regularly speaking at banking conferences in the mid-Atlantic region about IT and cybersecurity risk in the financial services industry.

Certifications

 

·   ·   ·   ·

 

What Clients are Saying

 

“Knowledgeable, fair, responsive.” – Jay H.

“Bryan Newlin, Brad Brosig, and their team have always been very knowledgeable and have provided excellent recommendations. Even outside of audit periods we are able to ask them questions and a response is always quick and informative.” – Anonymous

Stephen M. Weber
X
Stephen M. Weber
MBA, CISA
Connect:
Industries
About Stephen

Stephen joined YHB in 2018 with extensive experience in IT Audit and Advisory Services.  His background includes internal and external IT Audit services for state and federal agencies and  Fortune 500 companies in retail, manufacturing and financial lending. Most recently, he was an instructor at Virginia Commonwealth University focusing on technology-related courses in the Accounting Department’s graduate and undergraduate programs.

 

Expertise

His expertise spans financial statement audits, SOX, project management, legal and compliance and data analytics.  Stephen earned his Masters of Business Administration from the University of Richmond and Bachelors in Business Information Technology from Virginia Tech.  He is actively involved in ISACA.

Stephen also completed ISACA®’s Cybersecurity Audit Certificate Program.

cybersecurityaudit-logo

ISACA’s Cybersecurity Audit Certificate Program provides security professionals with an understanding of the audit process, and IT risk professionals with an understanding of cyber-related risk and mitigating controls.