risk assessment

  • Internal controls risk assessment
  • SOX (404) testing and evaluation of current practices
  • Critical and non-critical system identification
  • Threat, risk, and vulnerability assessment and documentation
  • Assessment of detection and monitoring activities

financial information

  • Consultation with management for preparation of financial information and distribution of significant findings
  • Communicate findings with process owners, senior management, and external auditors
  • Review and document agreed-upon procedures with management
  • Assist in the preparation of Audit Committee presentations to communicate test results and remediation status

process review

  • Review and assess current financial practices/policies and procedures
  • Procedure and control gap identification
  • Walkthroughs and interviews with key process owners
  • Narratives: creation/evaluation of internal control documentation
  • Workflows: creation and evaluation of information/data flow, including control points


  • Review and develop process for tracking outstanding management action items
  • Reporting and validation of process and satisfactory resolution of findings
  • Review and advise on continuous monitoring efforts
  • Assessment of follow-up engagement testing and procedures


  • Develop policies and procedures for key areas and functions
  • Substantive testing procedures of company's internal controls
  • Advise on remediation of process breakdowns and control gaps
  • Develop and implement an awareness plan for personnel to mitigate potential risk exposure
  • Control matrix and risk analysis development
  • Align controls and procedures with COSO/COBIT framework and best practices