Firm Profile TURNING RISKS INTO OPPORTUNITIES


"You can measure opportunity with the same yardstick that measures the risk involved. They go together."
- Earl Nightingale

TRUSTED ADVISORS

RiSK Opportunities was founded on principles of top-quality client service with client interests and client value in mind. We understand that risk is a part of business and that the best solution must consider multiple variables, including cost vs. benefit, sustainability, and available resources. We want to help you navigate those variables as your trusted advisor.

RiSK Opportunities consists of top talent from the world's largest professional service firms and Fortune 500 companies. We serve a range of private and public companies, many with global footprints. From developing functions to worldwide establishments, we have the experience to help your organization make and meet the plan.

WHAT WE DO:

RiSK Opportunities delivers cost-effective risk advisory services with highly experienced professionals using a collaborative and flexible approach. Collaboration does not stop at the opening meeting; we remain on course and continue to evaluate the plan for corrections.

Our services are as diverse as our client base. While some clients simply need additional resources to achieve or maintain compliance, others leverage our experience and technology to gain new insights on projects such as Risk Assessments, Enterprise Risk Management (ERM) programs, Process Improvements or Data Analytics.

VALUE PROPOSITION:

Cost-effective Service. We are committed to helping you contain costs. The current market enables us to leverage top talent and the capabilities offered by big firms with minimal overhead.

Experience. Your projects are not our training ground. We provide seasoned professionals with relevant experience from the world's largest professional service firms and Fortune 500 companies. Our experience delivers value immediately.

Tailored Approach. We are familiar with a myriad of methodologies and approaches to business initiatives, but recognize that every company is different. Our expertise lies in collaborating to understand your needs and determine how we successfully meet them together.

Quality and Integrity. We come from the Big Four and adhere to the same standards of quality and integrity. Your projects are closely managed and deliverables are scrutinized to ensure they are accurate, timely, relevant, and actionable.

Knowledge Transfer. The combination of highly relevant experience and our collaborative approach ensures that your team learns from ours. Regardless of the service provided, our objective is to build a trusted business advisory relationship.

Scripps Poway Parkway STE 468 San Diego, California Phone Fax

SERVICE OVERVIEW

PROCESSES AND CONTROLS

We are highly skilled at establishing and executing structured and sustainable programs for regulatory compliance, including SOX, J-SOX, ISO, MAR, IFRS, and PCI. Our flexible approach allows for a range of delivery methods to meet your needs (e.g., Loaned Staff, Teaming, and Outsourcing). In addition to program execution, we have the background and hands-on experience to review current processes, control programs and control structures for improved gap coverage or efficiency opportunities.

BUSINESS ADVISORY

Experience with leading global companies and training from the world's largest professional service firms fully equips us to provide guidance on a broad range of business needs including corporate governance, ethics programs, data privacy programs, benchmarking and gap analysis. Our expertise and experience in project/program management and coordination can help you achieve your objectives, from back office efficiencies to Project Management of large scale undertakings, allowing delivery on time and within budget.

ENTERPRISE RISK

Our proven methodology provides a streamlined approach to managing strategic, operational, financial, and compliance risks across the organization. We capture insights through surveys, structured interviews, and technology-enabled working sessions to quickly summarize results that support the identification of top risks and enable continual monitoring. Our approach is scalable and sustainable. It can move with the company, enabling the program to be adopted into the organizational fabric and accepted by field management.

INTERNAL AUDIT

Our deep functional knowledge of internal audit can be leveraged in a number of ways. For example, our seasoned professionals can help you efficiently execute your audit plan, obtain direction to establish governance frameworks, optimize business processes and/or further develop your internal audit function to maximize quality. In addition to internal audit support, we have Institute of Internal Auditors (IIA) certified Quality Assessment Reviewers who can compare the results of the internal audit department under review to leading practices of other departments.

IT ADVISORY

Our extensive, hands-on experience as IT advisors offers varying levels of support for your IT environment. For example, we can assess IT General Controls, facilitate development of review-ready controls, assess network security, and provide third party assurance (SSAE 16, ISAE 3402) support. Our advisors can also take on the more robust aspects of IT Management and cyber security, including IT Effectiveness reviews, network attack and penetration assessments, and social engineering schemes.

CONSTRUCTION

Construction projects can be the largest and most complex financial expenditures undertaken by any entity. They usually involve complicated contracts with multiple tiers and pricing agreements. Traditional audits typically result in a checklist of accounting issues, while construction audits can deliver tangible and quantifiable benefits. The opportunity exists to fine-tune your control environment, enhance accountability, achieve fiscal responsibility, recover lost dollars and safeguard your investment. Our resources are uniquely positioned with the necessary industry expertise and knowledge as well as a structured, comprehensive and tested approach.

TRAINING (IA, SOX, ITGC'S, PCI, ETC.)

We offer training to our client base using our seasoned professionals with relevant experience from the world's largest professional service firms and Fortune 500 companies. We provide leading practices around such topics as Internal Audit, control documentation, policies and procedures, IT and infrastructure control procedures, PCI DSS requirements, and working with external auditors. We work closely with you to develop your program based on your company, team and learning objectives. The combination of highly relevant experience and our collaborative approach ensures that your team learns from ours.

TOOLS & ENABLERS

We use technology to enable your success, from voting devices that facilitate active participation and collaboration to analytic software that helps us pinpoint answers, trends, and anomalies in the data pool. We leverage proven methodologies, templates and formats that have yielded success with other clients and develop an approach specific to your business needs. The true value is in how we apply the aforementioned tools and enablers to help you get to the right answer faster.

PROCESSES & CONTROLS

From compliance program design and execution to assessment of current processes, control programs and control structures for opportunities, we have the background and hands-on experience to meet your needs.

SARBANES-OXLEY (SOX)

- Perform Top-down Risk-based approach to scoping
- Identify Entity Level and Monitoring Controls mitigating significant financial reporting risks
- IT General Control (ITGC) assessments, test support and remediation
- Evaluate the design and operating effectiveness of primary controls
- Process documentation and control design
- Control rationalization/optimization

THIRD PARTY REPORTING

- Program development to improve transparency of business processes for business partners

OTHER REGULATORY (JSOX, ISO, MAR, ETC.)

- Evaluate as-is control environment and compare to regulatory requirements
- Co-develop improvement / compliance plan

PROCESS MAPPING / IMPROVEMENT

- Documentation of as-is processes
- Mapping business processes to risks and controls
- Policy and procedure development or enhancement
- Process design / re-design
- Process, system and data mapping for pre and post implementation reviews
- Assistance in developing target platforms of processes, applications and controls

3RD PARTY VENDOR MANAGEMENT

- Identification of third party vendors in need of review and policy or process enhancements
- Recommend areas of focus in due diligence before engaging with or crafting agreements with delegated entities
- Best practices and common deficiencies in the oversight of delegated entities

BUSINESS ADVISORY

We have led domestic and international teams through a variety of complex business issues, compliance exercises, audits and process improvement initiatives across multiple industries. The hands-on experience coupled with top and continuous training provides a solid foundation from which our resources provide the best in business advisory capabilities.

PROJECT MANAGEMENT

- Application of direct experience to supplement or fill Project Management Office (PMO) roles for direction and management of overall projects
- Project tasking, timeline and reporting design
- Direction and development of company Internal resources to enhance capability
- Management of external service providers to provide consistency and continuity

ORGANIZATION & STRATEGY

- Governance reviews and advisory support to include succession planning, board and committee charters and organization documentation
- Ethics reviews, code of conduct, Red Flag Rules
- Business process effectiveness reviews
- IT effectiveness reviews

ASSET PROTECTION

- Intellectual Property (IP) management program reviews
- Loss Prevention program reviews

ANALYSIS

- Gap Analysis between current state and target state including transformation plan development
- Benchmarking against leading practices, regulatory standards, etc.

ENTERPRISE RISK

Methodology and tools are only a fraction of the story when enterprise risk programs are involved. To encourage acceptance and sustainability, advisors must provide experience in understanding variances in organizational and divisional goals and objectives. We bring this experience to each Enterprise Risk engagement.

ENTERPRISE RISK ASSESSMENT (ERA)

- Identify significant inherent industry risks
- Capture insights across the organization using surveys, structured interviews and technology-enabled working sessions (See Tools for details)
- Categorize and prioritize key risks
- Co-develop actionable steps to further mitigate or manage key risks

DISASTER & CONTINUITY MANAGEMENT

- Co-develop Disaster Recovery Response Plan(s)
- Co-develop Business Continuity Plans (BCP)
- Benchmark existing BCP against leading practices
- Perform Business Impact Assessments (test Disaster Recovery Plans and BCPs)

ENTERPRISE RISK MANAGEMENT

- Perform or enhance an existing Enterprise Risk Assessment
- Evaluate the design of the risk management and internal control framework
- Follow up on significant business risks to identify appropriate improvement efforts relevant to associate ratings
- Embed ongoing risk assessment and monitoring into management processes
- Define focus areas for framework enhancements
- Co-develop reporting and communication plans for risks and monitoring efforts
- Development of ERM governance and charter authorities

INTERNAL AUDIT

At RiSK Opportunities we are well versed in internal audit methodologies, frameworks, planning, execution, and final delivery (executive management and Board level). We bring this experience to each internal audit engagement.

GOVERNANCE & FRAMEWORK ADVISORY

- Facilitate alignment of Internal Audit (IA) purpose, mandate, and scope with key stakeholders' expectations (Charters, Frameworks, Reporting)
- Facilitate the achievement of IA objectives through focused methodology, knowledge and Quality Assurance (QA) programs

QUALITY REVIEWS

- Assess current state of the IA function and provide recommendations for potential improvements
- Benchmark IA against leading practices, Institute of Internal Auditors (IIA) standards, etc.
- IIA Quality Assessment Reviews (QAR)
- Define a roadmap for transforming IA function

INTERNAL AUDIT SUPPORT

- Provide delivery methods to meet business needs (Loaned Staff, Teaming, Outsourcing)
- Facilitate the development of internal capabilities
- Supplement existing teams with specialty knowledge / capabilities
- Risk Assessment support
- Facilitated Workshop support (risk validation, control validation, plan validation)
- Contract compliance assessments

CONTINUOUS CONTROL MONITORING

- Assess and co-develop approaches to move from static to continuous control monitoring programs

IT ADVISORY

We are well versed in IT General Controls and control frameworks. In addition, we maintain close alliances with partners that can provide various levels of support, from in-depth network and perimeter assessments to IT outsourcing.

IT GENERAL CONTROLS (ITGC'S)

- ITGC assessments, test support and remediation
- System and process documentation and control gap analysis

GOVERNANCE & SERVICE FRAMEWORKS

- Governance and service framework reviews in accordance with accepted leading practices and frameworks (e.g. ITIL)

THIRD PARTY ASSURANCE SERVICES

- Assess readiness for third party assurance reviews (SSAE 16, ISAE 3402, PCI Compliance, NIST, etc.)
- Assess readiness for non-assurance third party reviews (Federal Agencies, funding parties, oversight organizations, etc.)
- Development of control matrices, user considerations and internal support functions
- Remediation planning, management and support

SECURITY

- Network Security assessments (internal and external)
- Attack and Penetration service coordination
- Social engineering defense reviews
- IT Security control reviews

BUSINESS CONTINUITY MANAGEMENT (BCM)

- Identify risk, threats and vulnerabilities that could impact an entity's continued operations
- Provide a framework for building organizational resilience and the capability for an effective response

CONSTRUCTION

We tailor our construction audit methodology to each client's unique construction project, internal control environment and business objectives. We can add value to any stage of your construction project, from bidding / pre-construction, during the construction, construction payments or at the close-out of the project.

COST ASSESSMENTS

- Reviews of general contractor bills for correct construction costs
- Validate that architect, project manager, engineer or construction management firm reviewed all of the construction costs
- Validate that accounts payable department performed detailed reviews of construction invoices
- Compare quantities billed to quantities installed

CONSTRUCTION REVIEWS

- Identify potential overpayment, overcharges, duplicate payments, and billing to wrong projects
- Review and recommend contract language
- Evaluate change orders and the control environment
- Review the bid process, deliverables, overhead expenses, materials, equipment, tools, rentals, scope, and progress payments
- Evaluate schedules, procurement, estimates, quality control, safety, and reporting
- Conclude that back charges were accomplished, and valued fairly
- Litigation avoidance and support
- Risk assessment and management

TRAINING (IA, SOX, ITGC'S, PCI, ETC.)

At RiSK Opportunities we take pride in developing and delivering training programs based on continually evolving leading practices that give you hands-on experience in solving real world problems.

PARTIAL SELECTION OF TRAINING SUBJECTS

- Introduction of COSO ERM components of internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication and monitoring
- Introduction of specific frameworks such as COBIT, ITIL, ISO, PCI DSS and AS
- Hands-on experience with leading practices on Internal Audit, control documentation, policies and procedures, IT and infrastructure control procedures, PCI DSS requirements, and working with independent auditors
- Explore entity level and activity level testing controls, including an overview of audit and testing techniques
- Audit control effectiveness, assessing the adequacy of control design, activity level operating effectiveness and documenting test procedures and results

TOOLS & ENABLERS (EXAMPLES)

- RISK ASSESSMENT ENABLERS
- PROJECT MANAGEMENT ENABLERS
- VOTING TOOLS

CONTACTS

Dan Lathus, CPA.CITP, CRMA
Office: Direct: E-mail: Dan.Lathus@RiskOpportunities.com

Dan specializes in processes and controls, governance, Enterprise Risk Management (ERM), IT Operations & Auditing, audit & attest support, internal audit and process improvement across a variety of industries. Dan was previously the Process and Controls Leader for Ernst & Young's Pacific South West sub area and has led numerous complex projects ranging from compliance based initiatives (SOX Compliance, Model Audit Rule Compliance, Payment Card Industry (PCI) Standards, Federal Funding, NIST 800, etc.) to internal corporate drives toward process improvement to internal audit initiatives around data privacy concerns. In addition to being a CPA, Dan is a Certified Information Technology Professional (CPA.CITP) well versed in IT infrastructure, controls and governance. Additional credentials include Certification in Risk Management Assurance and ITIL Foundations v3.

Jeffrey W. Miller, CPA, CGEIT, CRMA, CFSA, CPEA
Office: ext. 117 Direct: E-mail: Jeff.Miller@RiskOpportunities.com

Jeff maintains team operations and executive relations as a Director for clients with significant experience working with public company boards, audit committees, executive management and company stakeholders in a diverse portfolio of industries. Jeff has worked with over 50 publicly traded companies regarding internal audit, information technology audit, operational audit, process improvement initiatives, and Audit Standards (AS) No. 5 streamlining. Jeff has a vast working knowledge and experience with COSO's Integrated Framework, SOX 404, PCAOB AS No. 5, FASB Pronouncements, GAAS, US GAAP, general auditing techniques and standards, and the Institute of Internal Auditors Professional Practices Framework. He also has solid technical experience with CobiT and information technology audit and governance, ITGC, ITIL and SSAE16.

REFERENCES

A variety of client references is available and can be provided upon request.

RiSK Opportunities Scripps Poway Parkway, STE 468 San Diego, California Phone: TrustFax: All rights reserved.