Risks exist in every decision an organization takes in achieving its business objectives. And it’s important for companies to identify their risk appetite in order to evaluate their risk response strategy. But risk management goes beyond merely identifying and mitigating risk.
It requires implementing globally-accepted methodologies and governance frameworks — such as COSO internal controls and COSO ERM framework — to ensure risk management is embedded in the DNA of all employees across all three lines of defense. Therefore, it’s important for organizations to implement a risk management strategy that’s aligned with their business strategy and objectives.
At Centri, our internal control risk assessments help you identify, prioritize, and provide actionable solutions to manage your risks and compliance obligations, while considering the current state of your organization and industry. We’re dedicated to understanding your unique needs in order to take a holistic, integrated approach to risk management. We have the foresight to anticipate future challenges to help you stay ahead of threats and turn risk into a competitive advantage.
Risk Management Advisors to Support Your Business
Effective risk management starts with the identification of the key risks and threats (internal and external) facing your organization and industry. One of the key risk mitigation strategies is ensuring implementation of sound internal controls that are both preventative and detective in nature.
These include proper risk management governance, education, and KPIs tied to appropriate risk management, compliance programs, internal audits, and robust risk intelligence measures. We offer the advisory risk management services below to help you manage and mitigate potential risk and compliance obligations within your organization.
Sarbanes-Oxley Compliance Services
- SOX compliance readiness assessments to determine an organization’s readiness when preparing for an IPO or exiting Emerging Growth Company (EGC) status
- Implementation of a sustainable SOX program in accordance with the COSO 2013 internal control framework, including process documentation and risk and control identification
- Ongoing support for management’s assessment of ICFR (SOX 404a and 404b), including scoping, risk assessment, walkthroughs, testing, and reporting (including external auditor coordination) in a fully outsourced or co-sourced model, in line with applicable PCAOB and SEC guidance and requirements for integrated audits
- Evaluation of IT General Controls (ITGCs) and new system implementations
- Evaluation of segregation of duties
- Remediation of material weaknesses and significant control deficiencies
- Training support to establish accountability for control and process owners
Policy Development & Implementation Services
- Corporate governance policies (e.g. board committee, charters, trading policy, whistleblower policy, etc.)
- Accounting policy manuals
- Information Security and IT change management policies
Risk & Internal Control Assessments
- Enterprise Risk Management (ERM) assessments, including risk identification, prioritization, and mitigation
- IT risk assessments and IT General Controls (ITGCs) assessments
- End-to-end business process evaluation to develop process narratives and flowcharting
- COSO 2013 Integrated Controls Framework Mapping and adoption
- System pre- and post-implementation reviews
- ASC 842 (lease) and ASC 606 (revenue recognition) internal control considerations
- Mergers & acquisition due diligence
- Pre- and post-acquisition integration of people, process, and system controls
SOC 1 Readiness & Report Reviews
- Management of SOC Compliance Program
- SOC report selection and readiness assessments
- Review, analyze, and document SOC 1 reports for outsourced service providers, third parties, and software-as-a-service (SaaS) models
- Evaluation of SOC reports for Sarbanes-Oxley compliance and third-party risk management
- Develop audit universe and internal audit methodology
- Perform risk assessments and develop audit plans
- Execute risk-based audits and draft audit reports for the board and management
- Perform Quality Assurance and Improvement Program (QAIP) in compliance with the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF)
Forensic Analysis & Support
- Provide forensic analysis for a variety of fraud schemes, including payroll, cash, purchasing, theft, and expenses
- Travel and entertainment expense assessments for executive officers performing fraud risk assessment