Risk Advisory

Your organization needs to ensure its IT systems, accounting processes and other crucial systems are secure, available, efficient and compliant with applicable regulations. This requires strong internal controls to help promote integrity within IT and business processes, deter fraud, minimize errors and pass regulatory scrutiny.

The IT and business risk consulting professionals at Bennett Thrasher can assist your organization with designing or evaluating internal controls based on the results of a risk-based evaluation of the entire organization, technology or a specific business function.

Our services include:

• IT, operational and financial risk assessments
• Process mapping and design reviews
• Internal control gap assessments
• Process narrative and internal control documentation
• Testing of internal controls across all aspects of business processes and IT
• IT and financial Sarbanes Oxley (SOX) internal control evaluations and testing

Drawing on our collective experience as both business consultants and past members of operational and executive management teams of both private and public companies, our team can help you better align IT and operational practices with risk management strategies to improve performance.

In today’s everchanging business landscape, organizations must be aware of the risks that surround them and identify and implement strategies for optimizing ways in which these risks can be addressed. Through internal audit activities, you can develop strategies to help you achieve your goals that are tailored to your organizational priorities and relevant to identified risks to your strategic objectives.

Bennett Thrasher can assist your organization with its internal audit function, including:

• Performing an enterprise-wide risk assessment to help identify and prioritize relevant risks to the organization
• Developing an internal audit plan of prioritized audits based on identified risks
• Implementing or supplementing an internal audit function that is objective, competent and results-driven
• Testing internal controls across business processes and technology
• Providing recommendations for improving internal controls that enhance your operational, technical and financial processes

Our team can support you as a fully outsourced or co-sourced internal audit function. Our internal audit approach adds value to and improves the effectiveness of your operations, including risk management, control and governance processes.

When internal and external stakeholders demand trust and transparency over financial and operational internal control, System and Organization Controls (SOC) reports can provide that assurance. These reports are issued by an independent auditor and address the design and operating effectiveness of internal controls at your organization.

• SOC 1 reports evaluate the effectiveness of internal controls over financial reporting intended to be used by your customers and the auditors of your customers’ financial statements.
• SOC 2 reports are restricted-use reports that evaluate the effectiveness of controls relevant to security, availability and processing integrity of the systems used to process your customers’ data and the confidentiality and privacy of the information processed by these systems.
• SOC 3 reports are similar to SOC 2 reports that focus on controls over security, availability, processing integrity, confidentiality or privacy, but are rather general use reports that do not include a description of the system provided by service organization management or a description of the service auditor’s procedures and results.

Our professionals can help you select the appropriate SOC examination type and deliver a report that demonstrates the integrity of your business operations and technology environment. Additionally, we also can perform a SOC Readiness Assessment to assist you with preparing for a future SOC examination.