risk assessment

• Internal controls risk assessment
• SOX (404) testing and evaluation of current practices
• Critical and non-critical system identification
• Threat, risk, and vulnerability assessment and documentation
• Assessment of detection and monitoring activities
   

process review

• Review and assess current financial practices/policies and procedures
• Procedure and control gap identification
• Walkthroughs and interviews with key process owners
• Narratives: creation/evaluation of internal control documentation
• Workflows: creation and evaluation of information/data flow, including control points

implementation

• Develop policies and procedures for key areas and functions
• Substantive testing procedures of company's internal controls
• Advise on remediation of process breakdowns and control gaps
• Develop and implement an awareness plan for personnel to mitigate potential risk exposure
• Control matrix and risk analysis development
• Align controls and procedures with COSO/COBIT framework and best practices
  
  

financial information

• Consultation with management for preparation of financial information and distribution of significant findings
• Communicate findings with process owners, senior management, and external auditors
• Review and document agreed-upon procedures with management
• Assist in the preparation of Audit Committee presentations to communicate test results and remediation status

follow-up

• Review and develop process for tracking outstanding management action items
• Reporting and validation of process and satisfactory resolution of findings  
• Review and advise on continuous monitoring efforts
• Assessment of follow-up engagement testing and procedures