We are proponents of the Institute of Internal Auditors' Three Lines of Defense strategy to achieve optimal effectiveness of Enterprise Risk Assessment (ERM) and Operational Risk Assessment (ORM) programs.
The Board of Directors and its members are the fiduciaries who steer the organization towards a sustainable future by adopting sound, ethical, and legal governance and financial management policies. In order to carry out this trusted responsibility, the board delegates to senior management the responsibility to come up with processes that will ensure corporate objectives are achieved. Senior management has the responsibility to identify impediments and key risks and to assess their potential to adversely impact the achievement of corporate goals. Management is tasked with designing action plans to minimize critical risk and increase the likelihood of achieving corporate goals.
We are experts in identifying and assessing all the corporate processes (Accounting, Business Operations, and Information Technology) that will help in achieving corporate goals. Our strategy is the deployment of the Institute of Internal Auditors (IIA) three lines of defense strategy as shown below. Our extensive experience will strengthen these three lines of defense and we are very confident in maximizing the positive impact to achieve corporate goals.
Strategy – The Three Lines of Defense
Three Lines of Defense Strategy as articulated by the Institute of Internal Auditors (IIA)
In carrying out our plan of action, we will engage the following strategies:
1st line of defense: Our experienced professionals will work with the accounting, operations and information technology teams in designing, documenting and assessing their critical processes. We will identify the risks, associated controls and control owners, and help the teams in the execution of controls. We will help management build relevant policies, procedures and standards to streamline procedures and improve operational excellence.
2nd line of defense: Our team will assist in preparing risk assessments, perform testing to ensure design and operating effectiveness of the controls, and support management in identifying and addressing issues and findings.
3rd line of defense: We work with or provide an audit team to review processes to provide assurance to management that all corporate practices are governed effectively to achieve corporate objectives. Our audits can range from a review of specific business activities through to an organization’s governance, risk management and overall financial health.
We are experienced in reviewing the business operations of our clients and helping with operational efficiencies in line with our internal control framework. We are experts in performing information technology audits, including cloud security assessments. Our detailed audits will significantly help in reducing the cost burden of external audits, ensuring compliance and mitigating costly penalties or remediation imposed by insurance and banking regulators.
We sincerely hope you will consider us as your trusted partners in achieving compliance, reducing cost overruns and achieving corporate objectives.
As part of the 2nd line of defense in Enterprise Risk Management, we can help conduct risk assessments, identify areas for improvement and develop detailed documentation including policies, procedures and standards. In addition, we are experts in conducting management testing to ensure the design and operating effectiveness of internal controls.
- Information Technology and Information Assurance risk assessments:
  - Application development and deployment
  - Cloud security
  - Cybersecurity assessments
  - Disaster Recovery
  - Network infrastructure
  - Vendor Management
- Banking industry operational risk assessments relating to:
  - Retail banking services including mortgage, loans, deposits and checking accounts
  - Business banking operations including start-up loans, collecting deposits and investments
- Insurance operations risk assessments relating to:
  - Claims consulting
  - Underwriting and operations
  - Workers’ compensation
  - Warranty and service contract consulting
- SOC for Cybersecurity
  - American Institute of Certified Public Accountants (AICPA) new cybersecurity risk management program
  - Independent examination report