risk assessment
- Internal controls risk assessment
- SOX (404) testing and evaluation of current practices
- Critical and non-critical system identification
- Threat, risk, and vulnerability assessment and documentation
- Assessment of detection and monitoring activities
process review
- Review and assess current financial practices/policies and procedures
- Procedure and control gap identification
- Walkthroughs and interviews with key process owners
- Narratives: creation/evaluation of internal control documentation
- Workflows: creation and evaluation of information/data flow, including control points
implementation
- Develop policies and procedures for key areas and functions
- Substantive testing procedures of company's internal controls
- Advise on remediation of process breakdowns and control gaps
- Develop and implement an awareness plan for personnel to mitigate potential risk exposure
- Control matrix and risk analysis development
- Align controls and procedures with COSO/COBIT framework and best practices