Provides regulatory compliance expertise specific to the regulated industry served. For the Financial Institutions industry, this includes expertise in securities laws and regulations (e.g., FINRA, SEC, Investment Advisers Act, MSRB, NFA) and banking laws and regulations (e.g., FFIEC, FRB, OCC, OTS, NCUA, and others). Anti-Money Laundering independent reviews over broker-dealers, hedge funds and banks. Follow-through with compliance process improvement and remediation, vendor selection, and program and project management over tool enhancement and implementation. Senior-level reporting of progress against the client's goals and objectives.
GRC Services & Products
Regulatory Compliance & Process Improvement
Risk / Control Design & Monitoring (KRIs)
Evaluate existing capabilities to monitor risk / control, including review of data structures and taxonomies for process, function, risk, controls and other structures as applicable (i.e., loss data, scenario analysis, external data, benchmarking). Determine needs for technology and/or data solutions to cover GRC, and provide the most effective reporting based on client size and culture. Prepared to introduce technologies and rigorously/objectively help evaluate the appropriate solutions based on the client's overall plan for GRC and ERM. Aid in the implementation of risk-control related tools, products, technologies and/or data structures. Test results, and provide senior-level progress / program reporting.
Financial / IT SOX 302 & 404 Compliance (COSO)
Covers the full SOX 302 process and 404 planning and execution assistance to support management in their assertion on Internal Controls under the COSO Framework. Work with both management and the external auditors to evaluate results and remediation efforts. Assist in the following SOX functions: establishing materiality thresholds, risk assessments, process and controls documentation, controls testing, and reporting and remediation work.
IT Governance, Data Security & IT Risk Management
Technology risk services require both general and specific expertise, such as the skills required to cover Network Security, Privacy, BCP, Database Architectures, critical applications and their security, and computer operations. Our services cover COBIT objectives, ISO 27000 Standards, IT Governance, IT SOX (Segregation of Duties and Change Management), new system implementation 'in-flight' reviews (SDLC and other development methods) and other related Technology Risk areas.
Internal Audit Advisory & Co-Sourcing (Financial, Operational & Technology Risk)
Assisting the Internal Auditor in evaluating the effectiveness of the function and providing audit plan assistance, including the use of tools, content and data to assist in capturing firm-wide risks and controls. Both general and specialized internal audit co-sourcing in support of the internal audit function. Key types of internal audits and other independent assessments performed for either Internal Audit or other business areas include, but are not limited to:
- Internal Audit Planning & Risk Assessment
- Specialized internal audit over complex areas where knowledge transfer is desired
- Asset quality review including credit & loan reviews
- Vendor Reviews over the firm's key service relationships (financial, credit, operational & technology)
- Regulatory Compliance Reviews (Independent AML and other Compliance-related assessments)
- In-Flight and Post Implementation Reviews (technology development & deployment)
- Financial Statement Reviews pre-audit (for SAS 65)
- Forensic audits
- General internal audit or special focus reviews in support of our clients' existing review teams
Corporate Governance Advisory
Board and Executive level advisory on changes in responsibilities in corporate governance, including charter review, external reporting, risk-based compensation, insurance optimization, ERM program design, internal audit charters & organizational structures, and other governance-related advisory.