²ÝÝ®ÊÓƵ

Internal Audit Services

Whether your organization has an established internal audit (IA) function or is just building one, ²ÝÝ®ÊÓƵ can help.ÌýEach solution is tailored to your entity’s specific risk profile and focuses on the core elements of IA: assurance, insight and objectivity.

Our internal audit services include:

• Comprehensive risk assessment and audit planning
• Internal audit plan development and execution
• Documentation, testing, and remediation of internal controls
• Audit Committee and Board education
• Quality assurance and external quality assessment (EQA) support aligned with Institute of Internal Auditors (IIA) ÌýGlobal Internal Audit Standards
• IT audit integration within the internal audit program

Complying with IIA Standards

The IIA’s updated Global Internal Audit Standards (effective January 2025) and ongoing release of topical requirements raise the bar for audit quality, objectivity, and risk coverage. Our team helps internal audit functions align with these requirements — whether through co-sourcing support or independent quality assessments.

Internal Controls & SOX / ICFR Compliance

The integrity of your financial reporting depends on the strength of your internal controls over financial reporting (ICFR). A well-designed control environment helps prevent and detect financial misstatements — and is central to compliance with Sarbanes-Oxley (SOX) and Federal Deposit Insurance Corporation Improvement Act (FDICIA) requirements.

²ÝÝ®ÊÓƵ’s professionals are experienced across complex organizational structures, information systems, and industry-specific challenges — including mergers and acquisitions, new system implementations, and evolving accounting standards.

Our SOX and internal controls services include:

• Initial SOX 404 or FDICIA program implementation
• Process documentation and control design
• Internal control design and operational effectiveness testing
• Control remediation and gap resolution
• Program management organization (PMO) support
• ICFR training for control owners and management

How do I improve internal controls?

Start with a risk-based assessment of your current control environment to identify gaps, redundancies, and design weaknesses. ²ÝÝ®ÊÓƵ’s team helps you build a control framework that is both effective and efficient — eliminating unnecessary burden while closing real exposure.

Enterprise Risk Management (ERM)

Effective enterprise risk management gives leadership a clear, prioritized view of the risks that matter most — and a structured approach for monitoring and responding as conditions change.

Our ERM services include:

• Enterprise risk assessment
• Risk-leveling and prioritization
• Organizational governance reviews
• On-going governance processes for monitoring and response

Digital disruption, emerging technologies and AIÌýare among the fastest-growing categories of enterprise risk. Our team helps organizations assess and govern the risks introduced by artificial intelligence (AI), automation, and digital transformation — ensuring innovation doesn’t outpace accountability.

IT Audits

Your technology environment is only as strong as the controls governing it. ²ÝÝ®ÊÓƵ’s IT audit professionals evaluate your IT general controls and assess your environment against industry standards — providing clear findings and actionable recommendations.

IT audit coverage areas:

• IT general controls: access management, change management, IT operations, and system development life cycle (SDLC)
• Documentation and testing of IT control processes
• Logical access and access review processes
• Network architecture and security log monitoring
• Backup and contingency planning / disaster recovery
• Mobile device administration
• Antivirus and patch management

IT audit is typically integrated into internal audit programs and SOX/ICFR engagements, providing end-to-end assurance over technology risks.

Cybersecurity, Vulnerability Assessments & Penetration Testing

“How do I ensure we won’t be the victim of a cyberattack?”

The answer starts with knowing where your vulnerabilities are — before attackers find them. ²ÝÝ®ÊÓƵ’s cybersecurity professionals perform rigorous, hands-on assessments to identify weaknesses in your systems and help you close them.

Cybersecurity services include:

• Cybersecurity risk assessments and consulting
• External, internal, and wireless vulnerability assessments
• Penetration testing (external, internal, web application)
• Social engineering assessments (phishing simulation, phone-based, in-person)
• Information Security Program reviews
• IIA Cybersecurity Topical Requirement compliance support

Social engineering

Human behavior remains one of the biggest cybersecurity risks. Our social engineering simulations test whether your team recognizes and responds appropriately to real-world attack scenarios — and provide targeted training to reduce susceptibility.

AI and emerging technology risk

As organizations adopt AI tools, the attack surface expands. ²ÝÝ®ÊÓƵ helps assess AI-related security risks, data governance exposures, and controls over automated decision-making.

Cybersecurity assessments

Ready to proactively manage your organization’s risks? Contact ²ÝÝ®ÊÓƵ’s Risk Advisory Services team today for a cybersecurity assessment.

Contact Jessica Dore for IT related advisory services.

Contact Jessica

Fraud Risk Assessment & Prevention

“I’m concerned that fraud could happen — and I wouldn’t know until it was too late.”

Fraud risk exists in every organization. The question is whether your controls are strong enough to prevent it — and whether you have the detection mechanisms in place to catch it quickly when prevention falls short.

Our fraud and forensic services include:

• Fraud risk assessments aligned with the ACFE’s Fraud Risk Management Guide
• Design and evaluation of anti-fraud controls
• Fraud and forensic accounting for investigations and litigation
• Business interruption calculations
• Whistleblower program effectiveness reviews

A proactive fraud risk assessment identifies where your organization is most exposed — before an incident occurs.

Regulatory Compliance

Regulatory requirements continue to multiply across industries. ²ÝÝ®ÊÓƵ’s compliance professionals provide industry-specific expertise to help organizations navigate an ever-changing landscape.

Compliance services include:

• Financial institution regulatory compliance (banking, credit union)
• Industry-specific regulatory gap assessments
• Compliance program design and monitoring

Learn More About Our Industry Expertise