Risk Assurance and Advisory Services

Our risk assurance and advisory professionals bring innovative and integrated solutions to help decision makers effectively manage their business and meet regulatory requirements.


Whether financial, operational, regulatory or technological, our Risk Advisory and Assurance services offer end-to-end internal audit and risk management solutions. We help clients identify key risk areas in business processes and financial reporting and recommend ways to control risk exposure and maximize efficiency.

We support our clients in all areas, including:

  • Contracts Review and Compliance
  • Internal Audit and Compliance
  • Internal Controls over Financial Reporting/SOX Readiness and 404 Compliance
  • IT Audit and Compliance
  • IT Security and Privacy
  • SOC Reports and Readiness

Risk Assurance

Understanding and managing risk is a key driver of increased stakeholder value. Whether it’s financial, operational, regulatory or technological risks, we help you control your risk exposure. BPM’s Risk Assurance and Advisory group is here to help you uncover opportunities and reduce unwanted surprises.

The pertinent objective of our Risk Assurance and Advisory services team is to consistently deliver high-quality, distinctive services to our clients aligned with stakeholder needs and expectations. Together with our Information Technology Audit and Compliance group, we provide comprehensive risk assurance counsel to emerging growth, late-stage, private and public companies.

Our team has extensive experience in the following services: Internal Audit; Internal Controls over Financial Reporting (ICFR) or SOX Readiness and 404 Compliance; Close Process Optimization; IT Audit, including SOC Examinations; IT Compliance; and Information Security.

Enterprise Risk Management

Managing risks has never been more important than today. The evolution of technology, innovation and globalization have brought unique risks to the marketplace. The business landscape continues to change as organizations find new ways to compete in today’s global economy. Our risk assurance and advisory professionals help clients create programs to strategically address operational and financial reporting, compliance, IT, and cyber risks proactively.

Our Enterprise Risk Management (ERM) services include:

  • Corporate Governance and Risk Management
  • Enterprise-wide Risk Assessments
  • ERM Implementation and Guidance

Internal Audit

Our experienced professionals audit financial, operational and financial risks and controls across your organization in accordance with professional standards established by the Institute of Internal Auditors (IIA). We have deep knowledge across industries, helping organizations with a wide range of needs, from outsourced internal audit to audit execution and audit committee board reporting.

Internal Audit services

  • Internal Control Outsourced Internal Audit Services
  • Strategic Audit Planning
  • Internal Audit Review of Risks and Testing of Internal Controls
  • Business Process Walk-Throughs
  • Process Flows and Narratives Development
  • Policy and Procedures Development

Sarbanes-Oxley 404 and ICFR Compliance

The Internal Control over Financial Reporting (ICFR) process is essential to ensure that information reported in financial statements is accurate and complete. Our team helps organizations build a risk management program and strong internal controls. This includes supporting companies preparing for an IPO or those that have recently completed one.

We advise public companies in fulfilling the following requirements:

  • Co-sourced and Outsourced SOX and ICFR Program Services
  • Pre-IPO SOX Readiness
  • SOX 404(a) and 404(b) Compliance
  • Test of Controls Design and Operational Effectiveness
  • Financial Risk Assessment Development
  • COSO Framework Implementation
  • Segregation of Duty (SOD) Assessment
  • SOC1 Evaluation Analysis
  • Fraud Analysis Assessment