Recommendations for outsourced IT General Controls Review and MBL Review

Does anyone have recommendations for third party firms to conduct an IT risk assessment and general controls review?  Also, any recommnedations for a firm to conduct an MBL review?  Any input is appreciated.  Feel free to email me at chooser@campuscu.com.  Thank you!