Risk Advisory


Address Risk in All Facets of Your Organization

As part of sound organizational governance, risk management focuses on how organizations can successfully achieve strategic business objectives and effectively function with an optimal level of risk-taking. Companies need to address risks in all facets of the organization in a balanced manner, weighing both opportunities and threats as management deploys resources to achieve enterprise goals.

Bennett Thrasher’s Risk Advisory Services team can help you understand the risks relevant to your company and develop strategies to respond to these risks in ways that promote enterprise-wide success. You can trust our experienced team to help you navigate the complex issues facing your business, including industry-specific challenges and applicable regulations.


Your organization needs to ensure its IT systems, accounting processes and other crucial systems are secure, available, efficient and compliant with applicable regulations. This requires strong internal controls to help promote integrity within IT and business processes, deter fraud, minimize errors and pass regulatory scrutiny.

The IT and business risk consulting professionals at Bennett Thrasher can assist your organization with designing or evaluating internal controls based on the results of a risk-based evaluation of the entire organization, technology or a specific business function.

Our services include:

  • IT, operational and financial risk assessments
  • Process mapping and design reviews
  • Internal control gap assessments
  • Process narrative and internal control documentation
  • Testing of internal controls across all aspects of business processes and IT
  • IT and financial Sarbanes Oxley (SOX) internal control evaluations and testing

Drawing on our collective experience as both business consultants and past members of operational and executive management teams of both private and public companies, our team can help you better align IT and operational practices with risk management strategies to improve performance.

In today’s everchanging business landscape, organizations must be aware of the risks that surround them and identify and implement strategies for optimizing ways in which these risks can be addressed. Through internal audit activities, you can develop strategies to help you achieve your goals that are tailored to your organizational priorities and relevant to identified risks to your strategic objectives.

Bennett Thrasher can assist your organization with its internal audit function, including:

  • Performing an enterprise-wide risk assessment to help identify and prioritize relevant risks to the organization
  • Developing an internal audit plan of prioritized audits based on identified risks
  • Implementing or supplementing an internal audit function that is objective, competent and results-driven
  • Testing internal controls across business processes and technology
  • Providing recommendations for improving internal controls that enhance your operational, technical and financial processes

Our team can support you as a fully outsourced or co-sourced internal audit function. Our internal audit approach adds value to and improves the effectiveness of your operations, including risk management, control and governance processes.

When internal and external stakeholders demand trust and transparency over financial and operational internal control, System and Organization Controls (SOC) reports can provide that assurance. These reports are issued by an independent auditor and address the design and operating effectiveness of internal controls at your organization.

  • SOC 1 reports evaluate the effectiveness of internal controls over financial reporting intended to be used by your customers and the auditors of your customers’ financial statements.
  • SOC 2 reports are restricted-use reports that evaluate the effectiveness of controls relevant to security, availability and processing integrity of the systems used to process your customers’ data and the confidentiality and privacy of the information processed by these systems.
  • SOC 3 reports are similar to SOC 2 reports that focus on controls over security, availability, processing integrity, confidentiality or privacy, but are rather general use reports that do not include a description of the system provided by service organization management or a description of the service auditor’s procedures and results.

Our professionals can help you select the appropriate SOC examination type and deliver a report that demonstrates the integrity of your business operations and technology environment. Additionally, we also can perform a SOC Readiness Assessment to assist you with preparing for a future SOC examination.

Team Leaders

Bennett Thrasher believes in serving our clients by building trust through insight and involvement.

If you’re looking for a partner to help you address risks across multiple facets of your organization, we can help. Contact Mike Hostinsky or Ray Lee to schedule a consultation.

Mike Hostinsky

Contact Me »

Ray Lee

Contact Me »


Latest Insights

Related Services

Technology Services

Learn More »

SOC Reporting

Learn More »