Risk & Compliance

Risk management programs must keep pace with changes in technology, regulation, and economic drivers. We help organizations move from document-centric to data-centric programs using automation, analytics, and other tools to innovate, automate, and optimize risk management across their entire organization. Areas we support include:  

• Internal audit transformation/modernization 
• Sarbanes-Oxley (SOX) program optimization 
• Internal controls automation 
• Agile auditing
• Governance, Risk, & Compliance (GRC) tool strategy, selection, and implementation support
• IT risk assessments  

For established or developing internal audit functions alike, we provide technical expertise, serve as your Chief Audit Executive (CAE), and deliver critical audit services. Areas we support include: 

• Internal audit program implementation 
• Internal audit outsourcing, inclusive of Audit Committee reporting 
• Co-sourcing specific audits for technical expertise (e.g., cyber, privacy, IT, ESG, technical accounting) or to supplement your existing team
• Quality assurance reviews
• Dynamic risk assessments

A right-sized compliance program does more than “check a box.” We design trusted, risk-adapted programs custom to your unique needs as they evolve over time. Areas we support include:  

• SOX strategy, readiness, program implementation, and testing
• ESG data quality and controls assessments
• Regulatory and IT compliance assessments, process re-engineering, and control remediation related to financial services regulations, anti-money laundering, and privacy and data protection

Enterprise Risk Management (ERM) holistically benefits the entire organization without silos or redundancies. We enable you to create a consistent, enforceable approach to risk management across various groups. Areas we support include:  

• Enterprise-wide risk assessments
• ERM program build/optimization
• Risk framework and taxonomy implementation
• Third-Party Risk Management (TPRM) 
• Business continuity/disaster recovery planning 
• Training related to emerging risk topics 

Fraud schemes often go undetected for months or years, resulting in loss or reputational damage. We proactively mitigate fraud risk or, in the unfortunate event an incident occurs, we investigate the facts and circumstances to resolve the matter, implementing remediation to prevent future occurrences. Areas we support include:   

• Fraud risk assessments
• Fraud controls assessments
• Ethics policy and whistleblower program development 
• Internal investigations