risk assessment
- Internal controls risk assessment
- SOX (404) testing and evaluation of current practices
- Critical and non-critical system identification
- Threat, risk, and vulnerability assessment and documentation
- Assessment of detection and monitoring activities
financial information
- Consultation with management for preparation of financial information and distribution of significant findings
- Communicate findings with process owners, senior management, and external auditors
- Review and document agreed-upon procedures with management
- Assist in the preparation of Audit Committee presentations to communicate test results and remediation status
process review
- Review and assess current financial practices/policies and procedures
- Procedure and control gap identification
- Walkthroughs and interviews with key process owners
- Narratives: creation/evaluation of internal control documentation
- Workflows: creation and evaluation of information/data flow, including control points
follow-up
- Review and develop process for tracking outstanding management action items
- Reporting and validation of process and satisfactory resolution of findings
- Review and advise on continuous monitoring efforts
- Assessment of follow-up engagement testing and procedures
implementation
- Develop policies and procedures for key areas and functions
- Substantive testing procedures of company's internal controls
- Advise on remediation of process breakdowns and control gaps
- Develop and implement an awareness plan for personnel to mitigate potential risk exposure
- Control matrix and risk analysis development
- Align controls and procedures with COSO/COBIT framework and best practices
