Risk Management and Audit Assurance

We are proponents of the Institute of Internal Auditors’ Three Lines of Defense strategy to achieve optimal effectiveness of Enterprise Risk Management (ERM) and Operational Risk Management (ORM) programs.

The Board of Directors and its members are the fiduciaries who steer the organization towards a sustainable future by adopting sound, ethical, and legal governance and financial management policies. To carry out this trusted responsibility, the board delegates to senior management the responsibility for developing processes that will ensure corporate objectives are met. Senior management is responsible for identifying impediments and key risks and assessing their potential to adversely impact the achievement of corporate goals. Management is tasked with designing action plans to minimize critical risk and increase the likelihood of achieving corporate goals.

We are experts in identifying and assessing all the corporate processes (Accounting, Business Operations, and Information Technology) that will help in achieving corporate goals. Our strategy is the deployment of the Institute of Internal Auditors (IIA) three lines of defense strategy as shown below. Our extensive experience will strengthen these three lines of defense and we are very confident in maximizing the positive impact to achieve corporate goals.

Strategy – The Three Lines of Defense

Three Lines of Defense Strategy as articulated by the Institute of Internal Auditors (IIA)

In carrying out our plan of action, we will engage the following strategies:

  • 1st line of defense: Our experienced professionals will work with the accounting, operations and information technology teams in designing, documenting and assessing their critical processes. We will identify the risks, associated controls and control owners, and help the teams execute the controls. We will help management build relevant policies, procedures and standards to streamline procedures and improve operational excellence.
  • 2nd line of defense: Our team will assist in preparing risk assessments, perform testing to ensure the design and operating effectiveness of the controls, and support management in identifying and addressing issues and findings.
  • 3rd line of defense: We work with or provide an audit team to review processes to provide assurance to management that all corporate practices are governed effectively to achieve corporate objectives. Our audits can range from a review of specific business activities through to an organization’s governance, risk management and overall financial health.

We are experienced in reviewing the business operations of our clients and helping with operational efficiencies in line with our internal control framework. We are experts in performing information technology audits, including cloud security assessments. Our detailed audits will significantly help in reducing the cost burden of external audits, ensuring compliance and mitigating costly penalties or remediation imposed by Insurance and Banking regulators.

We sincerely hope you will consider us your trusted partner in achieving compliance, reducing cost overruns and achieving corporate objectives.

2nd Line of Defense – Risk Assessment

As part of the 2nd line of defense in Enterprise Risk Management, BLC Global can help conduct risk assessments in the following areas and develop detailed documentation including policies, procedures and standards. In addition, we are experts in conducting management testing to ensure the design and operating effectiveness of internal controls:

  • Risk assessments in all areas of Information Technology including:
    • Disaster Recovery
    • Vendor Management
    • Cybersecurity assessments
    • Network infrastructure
    • Cloud security
    • Application development and deployment
  • Banking industry operational risk assessments relating to:
    • Retail banking services including mortgage, loans, deposits and checking accounts.
    • Business banking operations including start-up loans, collecting deposits and investments.
  • Insurance Operations risk assessment relating to:
    • Claims consulting
    • Underwriting and operations
    • Workers’ compensation
    • Warranty and service contract consulting

3rd Line of Defense – Internal Audit

BLC Global is suited to be your first choice for complex compliance audits, integrated control testing and remediation.

  • AML (Anti-Money Laundering)
  • BASEL I, II, III Accord (Basel Committee on Bank Supervision)
  • BSA (Bank Secrecy Act)
  • CCPA (California Consumer Privacy Act)
  • Financial Services operations
  • GDPR 2018 (General Data Protection Regulation)
  • ICFR (Internal Control over Financial Reporting)
  • Information Technology
  • KYC (Know Your Customer)
  • KYCC (Know Your Customer’s Customer)
  • NAIC Model Audit Rule (MAR Section 16)
  • OFAC (Office of Foreign Assets Control)
  • Service and Organization Controls (SOC 1, 2, 3)
  • SOX (Sarbanes Oxley Act, Sections 303 and 404)
  • STAR (Security Trust and Assurance Registry)
  • US GAAP and IFRS Audits