Compliance and Risk Advisory

CNM’s Compliance and Risk Advisory practice comprises Sarbanes-Oxley Consulting (SOX) and Internal Audit services. Since 2003, CNM has been assisting Fortune 500, middle market, and pre-IPO companies in structuring a risk management framework to assist with internal control best practices, complying with SOX provisions, and ongoing governance, risk, and compliance activities.

The most successful organizations are those that can effectively balance governance, risk and compliance while still managing their daily operational needs and long-term strategic goals. Having an effective risk management system it is essential to have a strategic tool and a competitive advantage. Leading companies know that foreseeing and navigating the uncertainties in business and regulation is beneficial in helping them achieve business objectives and financial goals.

Compliance and Risk Advisory

CNM’s Compliance and Risk Advisory practice comprises Sarbanes-Oxley Consulting (SOX) and Internal Audit services. Since 2003, CNM has been assisting Fortune 500, middle market, and pre-IPO companies in structuring a risk management framework to assist with internal control best practices, complying with SOX provisions, and ongoing governance, risk, and compliance activities.

The most successful organizations are those that can effectively balance governance, risk and compliance while still managing their daily operational needs and long-term strategic goals. Having an effective risk management system it is essential to have a strategic tool and a competitive advantage. Leading companies know that foreseeing and navigating the uncertainties in business and regulation is beneficial in helping them achieve business objectives and financial goals.

Sarbanes-Oxley Consulting
and Compliance

The Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”) is a U.S. federal legislation that was enacted to restore investor confidence in the financial markets and to enhance the quality of financial reporting. This legislation has created significant challenges for executives, directors, auditors, and others to satisfy the requirements in a cost-effective and value-added manner.

At CNM, we have successfully guided companies through the initial implementation of Section 404 as well as assisted in continuing compliance efforts subsequent to implementation and supporting external auditor attestation. We have extensive experience helping create and maintain effective SOX control structures in various industries through periodic SOX regulatory updates and requirements such as Staff Audit Practice Alert Number 11 (Considerations for Audits of Internal  Control over Financial Reporting) and COSO Frameworks (2013 and ERM frameworks).

Our detailed internal controls methodology covers all aspects of a SOX engagement, including the risk assessment and scoping, segregation of duties analysis, sample size and error tolerance guidance, walkthrough and test of controls, aggregation of deficiencies analysis and remediation testing. We adapt this methodology and our approach to align with your external auditor and offer the most flexible service delivery approach to help maximize external auditor reliance and eliminate duplicative efforts.

Sarbanes-Oxley Consulting
and Compliance

The Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”) is a U.S. federal legislation that was enacted to restore investor confidence in the financial markets and to enhance the quality of financial reporting. This legislation has created significant challenges for executives, directors, auditors, and others to satisfy the requirements in a cost-effective and value-added manner.

At CNM, we have successfully guided companies through the initial implementation of Section 404 as well as assisted in continuing compliance efforts subsequent to implementation and supporting external auditor attestation. We have extensive experience helping create and maintain effective SOX control structures in various industries through periodic SOX regulatory updates and requirements such as Staff Audit Practice Alert Number 11 (Considerations for Audits of Internal  Control over Financial Reporting) and COSO Frameworks (2013 and ERM frameworks).

Our detailed internal controls methodology covers all aspects of a SOX engagement, including the risk assessment and scoping, segregation of duties analysis, sample size and error tolerance guidance, walkthrough and test of controls, aggregation of deficiencies analysis and remediation testing. We adapt this methodology and our approach to align with your external auditor and offer the most flexible service delivery approach to help maximize external auditor reliance and eliminate duplicative efforts.

Internal Audit

In today’s rapidly changing business climate, with unprecedented regulatory pressures and market expectations, many organizations face ongoing challenges to improve the effectiveness of their internal audit functions. An increasing number of these organizations find it hard to get the specialized skills needed for a high-performance, cost-effective internal audit function.

Many organizations recognize the benefits of having a strategic partner that can assist with an existing internal audit function or provide a fully outsourced solution.

CNM can customize a solution depending on your specific internal audit needs.

We will help you identify internal audit areas that represent key operational, compliance and strategic risks to your organization. We will work with you to find flexible, cost-effective solutions for achieving your company’s objectives.

Internal Audit Co-Audit and Full Outsourcing

We have provided full range of Internal Audit services to our clients including fully outsourced, co-sourced, and loaned staff internal audit functions for multiple companies in various industries. Although each project is unique, we typically report to our client’s Audit Committee or to the Head of Internal Audit, and as part of our service offerings, we have performed various internal audit activities such as enterprise risk assessments, fraud risk assessments, operational, tactical, regulatory, forensic, business transformation, strategic internal audits, and many other value-added activities.

Under a co-sourcing arrangement, we will work directly with your internal audit department under our tried and true method of full team integration; one team, one goal. We can provide specialized skills and also augment short-term staffing shortages on ad-hoc reviews and projects.

We can assist your organization in developing an internal audit approach focused on high-risk areas rather than the traditional compliance approach. Oftentimes, an organization retains a high-level resource such as a lead internal auditor who is responsible for the organization’s internal audit process and communications with the Audit Committee. We assist by conducting all the agreed-upon internal audit reviews throughout the year.

Internal Audit Services

Internal Audit Co-Audit & Full Outsourcing

We have provided full range of Internal Audit services to our clients including fully outsourced, co-sourced, and loaned staff internal audit functions for multiple companies in various industries. Although each project is unique, we typically report to our client’s Audit Committee or to the Head of Internal Audit, and as part of our service offerings, we have performed various internal audit activities such as enterprise risk assessments, fraud risk assessments, operational, tactical, regulatory, forensic, business transformation, strategic internal audits, and many other value-added activities.

Under a co-sourcing arrangement, we will work directly with your internal audit department under our tried and true method of full team integration; one team, one goal. We can provide specialized skills and also augment short-term staffing shortages on ad-hoc reviews and projects.

We can assist your organization in developing an internal audit approach focused on high-risk areas rather than the traditional compliance approach. Oftentimes, an organization retains a high-level resource such as a lead internal auditor who is responsible for the organization’s internal audit process and communications with the Audit Committee. We assist by conducting all the agreed-upon internal audit reviews throughout the year.

Internal Audit Services