The University is requesting proposals to conduct a risk-based IT security audit of our information systems and associated data and services to assess and evaluate the effectiveness and efficiency of IT governance and controls based on business requirements, identify areas of vulnerability and recommend risk mitigation strategies.