Risk Advisory

Risk Advisory


The most successful companies and organizations recognize that risk is a part of business. With regulations like Sarbanes-Oxley, the Gramm-Leach-Bliley Act (the Financial Services Modernization Act), HIPAA, PCI-DSS, HITRUST risk and compliance management framework,  OMB Circular A-133 for nonprofits, and OMB Circular A-123 for federal agencies, risk assessment has become a required part of daily business. In addition, internal audit departments are increasingly required to play a more strategic role while continuing to address the daily operational and financial risks of their organizations.

Combining extensive industry expertise with in-depth technical experience, our risk advisory team reviews the policies, processes, systems, and controls of businesses and nonprofits operating in the western U.S. and across the country. We help organizations like yours see risk differently.
Enterprise Risk Management Solutions
Our enterprise risk services provide the actionable information you need to better understand today's constantly shifting regulatory, technological, and market dynamics. We also provide the solutions that allow your organization to thrive in uncertain times. More »
Fraud Prevention and Detection
A single occurrence of fraud can result in substantial fines and penalties and disastrous damage to your business’s reputation and revenue. Our fraud advisory services look at fraud risk and internal controls to identify areas where fraud can be prevented. Our fraud prevention services expand on this with a focus on ethics and compliance programs to foster proper conduct throughout the organization. More »
IT Audit and Governance Advisory
Many internal audit departments are staffed primarily by financial auditors who may not have the backgrounds and expertise to address IT risks. Our team of specialists helps establish joint audits during which financial and IT auditors work together to assess controls surrounding information systems and operational and financial reporting functions. More »
Regulatory Compliance
Today's regulatory environment presents a maze of overlapping regulations. With our industry risk advisory and IT expertise, we help you address regulatory compliance in the most strategic way possible and add significant value to your organization. More »
SOC Readiness Assessment
Our Service Organization Control (SOC) readiness assessment is an important tool for identifying high-risk activity, compliance issues, and assessing control activities prior to conducting a SOC 1, SOC 2, or SOC 3 audit. More »
SOC Audit Engagements
Service Organization Control (SOC) attestation reports build confidence and trust. We provide SOC 1 (SSAE 16), SOC 2, and SOC 3 that communicate demonstrate the strength of financial, operational and data protection controls at your organization. More »

Talk with Our Service Area Lead

Contact Angela Appleby to discuss your risk advisory options.


Angela Appleby
Although not a legal requirement for public companies, the SEC issued new guidance for the disclosure of cybersecurity threats or incidents. Find out what actions your company needs to take to adhere to the guidance.

Read more »