Enterprise Risk Services

Internal Audit Services

  • Audit – financial, IT, compliance, operational
  • Interim Chief Audit Executive (CAE) / Director of Internal Audit (DIA)
  • Quality Assessment Review (QAR)

Security

  • Solution selection
  • Interim Chief Security Officer / Chief Information Security Officer
  • Architecture
  • Technical security
  • General assessment
  • Vulnerability assessment
  • Attack & penetration testing

Business Continuity Planning / Disaster Recovery

Regulatory Compliance

  • Sarbanes-Oxley
  • HIPAA
  • GLBA
  • PCI
  • SAS 70
  • ISO 27001
  • Risk assessment
  • Overall programs to lower cost and increase efficiency
  • Gap analysis and remediation strategies

Attestation Program Management

Phase 1: Enterprise Wide Risk Assessment
  • Evaluate and understand environmental controls
  • Assess the complexity of the IT infrastructure
  • Assist management in performing process/financial risk assessment and mapping to the critical assertions
  • Work with management to establish and approve project plan.
Phase 2: Process and Control Documentation
  • Document all processes identified as high and medium risk
  • Identify key controls at the transactional, application, and process levels
  • Provide recommendations on weaknesses discovered in overall design effectiveness
  • Provide a test plan for key controls using external audit approved testing guidelines
Phase 3: Key Control Testing
  • Perform testing of key controls
  • Identify all controls that have deficiencies in operating effectiveness
Phase 4: Ongoing Compliance
  • Assist management with attestation
  • Update documentation as needed
  • Perform quarterly retesting where required
  • Assist management with self-assessment program
  • Assist management with internal training program
  • Assist management in lowering cost and increasing efficiency

Our Commitment

  • Continuous updates to management throughout the process
  • Objectively evaluate the findings with management and reposition mitigating controls to the External Auditor
  • No surprise fees: we cap employee travel expenses and the administrative overhead to the client
  • We assist management’s understanding of the process in order to better enable ongoing commitment and compliance after successful project completion

Our Advantage

  • Project teams include consultants with external audit experience
  • Engagement teams are trained on identifying business process improvements without requiring additional time and commitment
  • Our multi-tier staffing model provides the best value for the resource levels used

Contact us to learn more.