Internal Audit Advisory

Establishment of a new IA function for both a private or newly public entity in accordance with IIA’s new Global Internal Audit Standards. IA’s ultimate goal should be to provide any organization with value-added IA services that help identify risk, provide valuable internal control and operational improvement opportunities, and actionable recommendations and solutions.

Integration of COSO’s 2013 internal control framework by designing and mapping your control environment to COSO’s seventeen principles, which represent the fundamental concepts of effective internal control.

Identification and assessment of enterprise-wide risks to the company including documentation of significant risks and how they threaten the achievement of strategic objectives. Based on the company’s internal audit risk assessment, development of the audit universe and proposed IA plan which consider risk, budget, timing, and resources.

Development of corporate policies and procedures governing areas such as finance and accounting, regulatory compliance, IT and HR. CNM can further assist with implementation and training of new policies.

CNM has a full-service cybersecurity and data privacy practice. To learn more about our Cybersecurity & Privacy Advisory services, visit our our Cybersecurity page.

CNM has the IT experience to provide advisory services in a variety of specialized IT areas. To learn more about our IT IA practice, visit our IT Advisory page.

Fully outsource or co-source your ERM function with CNM’s experienced professionals to integrate seamlessly with your governance infrastructure.

New implementation of a risk management framework (e.g., COSO ERM Framework) that provides foundations and organizational arrangements for designing, executing, monitoring, reviewing, and continually improving risk management throughout the organization.

Assessment of the client’s existing ERM function/framework against leading frameworks (e.g., COSO, ISO 31000) in order to provide value-add enhancements including structural/procedural recommendations and augmented reporting and automation.

Assess the client’s current governance operating model and provide value-add recommendations for the board and executive management to strengthen their governance framework and policies including a reassertion/clarification of their governance roles, establish board-level risk committees, or appoint chief risk officers (CROs).

Development and execution of a methodology to identify and assess the significance of entity-wide risks to the company and management’s corresponding activities in response .

Based on enterprise-wide risks, execute value-add monitoring audit reviews in accordance with the established ERM governance framework.

Assist organizations in the alignment of firm practices with industry requirements and regulatory guidelines, such as SR 08-08

Assist organizations with creating or enhancing an effective AML program in line with your organization’s AML risk profile, including deep experience performing independent testing requirements

Assist organizations with compliance with federal regulatory rules, regulations and guidelines, including FFIEC, OCC Standards, FRB, FDIC, FINRA

Assist organizations with the implementation of management’s actions to remediate Matters Requiring Attention or Matters Requiring Immediate Attention

Assist organizations with creating or enhancing its fiduciary compliance program in line with regulatory expectations

Assist organizations with services to combat the risk of fraud and managing the investigation and remediation process

Assist organizations with creating an effective monitoring program to detect and prevent deceptive acts