The Wipfli Way
Wipfli History
Fact Sheet
Leadership Team

Culture
Career Path
Communities
Internships
Wipfli U
Career Opportunities
Total Rewards
Wipfli Alumni

Auto Dealerships
Construction and Real Estate
Financial Institutions
Health Care
Manufacturing and Distribution
Nonprofit and Government

Audit and Accounting Services
Consulting Services
Individual Services
International Services
Merger and Acquisition
Outsourcing Solutions
Products
Retirement Plan Solutions
Risk Management
Tax Services
Troubled Economy – Surviving and Thriving (TEST) Task Force
Valuation Forensic and Litigation Support
Browse All Solutions

Services

Audit and Accounting Services
Consulting Services
Individual Services
International Services
Merger and Acquisition
Outsourcing Solutions
Products
Retirement Plan Solutions
Risk Management
Tax Services
Troubled Economy – Surviving and Thriving (TEST) Task Force
Valuation Forensic and Litigation Support
Browse All Solutions

Home

Services

Risk Management

Compliance Consulting

Compliance Consulting (SOX, GLBA, PCI...)

Organizations face great challenges managing their risks and, at the same time, complying with laws, regulations, and internal policies that govern their industry. All of this needs to be done in cost-effective manner. Wipfli’s professionals help your organization avoid penalties of noncompliance. Based on clients’ objectives, we can perform and test compliance of:

Sarbanes-Oxley (SOX)
Red flags
HIPAA
Gramm Leach Bliley Act (GLBA)
FACTA
Payment card industry (PCI)

We can also:

Conduct periodic compliance monitoring
Conduct training
Document compliance policies and procedures

Featured Solutions

Sarbanes Oxley (SOX) Services

Wherever you are on the road to compliance with Rule 404 of the Sarbanes Oxley (SOX) Wipfli can help. Regardless if you are just getting started, looking for best practices to improve a struggling program, or trying to reduce the cost but not the quality of a long standing and successful program, we can help with resources, a top down risk model, best practices and resources.

Not a publicly traded company? You still may find value in implementing a SOX program. A significant number of non-profits, closely-held businesses, and governmental organizations not required to comply with SOX have experienced governance and internal control benefits from voluntarily implementing a SOX program. If you are interested in these benefits let us show you how to implement a “SOX-lite” program, that is heavy in internal control and governance benefits, and light on cost and unnecessary steps.

Wipfli’s SOX 404 management consulting and compliance team works with organizations from large to small and across many industries to implement and improve SOX programs and assure SOX compliance. Our team can assist you with all aspects of your requirements under SOX, from developing a top down risk based approach, to developing best practice tools and templates to turn your SOX program data into internal control knowledge, to providing you the resources you need to fill technical and capacity resource gaps. Let Wipfli work with you to tailor your SOX program to fit your needs and meet your objectives, so you can concentrate on your core business by allowing us to do ours.

Payment Card Industry (PCI) Data Security Solutions

Today many organizations and businesses accept and process credit cards; which means they may have access to sensitive and private customer information. To maintain customer confidence in your organization and protect sensitive customer data, most credit card associations have adopted the Payment Card Industry (PCI) Data Security Standard, which was jointly developed by VISA and MasterCard.

At Wipfli, PCI Compliance testing goes beyond running scanning tools. Through inquiry, observation, inspection, and scanning we uncover the underlying causes for vulnerabilities by evaluating network management practices.

SEC and Regulatory Filings

Wipfli LLP – Public Company Services

Integrated Financial Statement Audit

Wipfli is a member of the Public Company Accounting Oversight Board (PCAOB) and has all of the resources necessary to serve as the external auditor for the small to medium-sized public company within the industries we serve. We have a long history of providing audit services to public companies. In servicing public companies, we take a realistic approach to the integrated, audit and challenge the companies management to document and test the key controls that have the most significant effect on providing an appropriate internal control system over the financial reporting process. These controls become the basis for the intergrated audit that focuses on the risks present in the public company.

Our partners take an active role in managing our public company audit engagements. This active management style gives you more access to the decision makers than our competitors in the national firms. Our partners staff public company engagements not only with audit and tax professionals with experience in your particular industry, but also with professionals in all areas of our service lines to ensure that you get the best service. These additional professionals will have expertise in internal audit, information technology, valuation, and fraud.

The professionals in Wipfli’s Public Company practice regularly attend continuing education related to Securities and Exchange Commission filings and auditing in the public arena. We also participate in annual SEC and PCAOB conferences. As members of the AICPA’s Center for Audit Quality, we have access to many of the same resources as the national firms.

Regulatory Compliance

The Risk Management Group provides regulatory compliance services as one of its core services to financial institutions throughout the Midwest. The regulatory compliance approach is centered on risk-focused, best-practice solutions and service excellence.

Our team will work with you to:

Identify, evaluate, and test risks associated with:
- Truth in lending
- Fair lending
- Real Estate Settlement Procedures Act
- Community Reinvestment Act
- Fair credit reporting/FACT Act
- Home Mortgage Disclosure act
- Funds availability
- Truth in savings
- Electronic Funds Transfer Act
- Bank Secrecy Act/USA PATRIOT Act
- Internet website
Provide compliance support for new products, services, or marketing campaigns
Provide routine compliance testing and solutions to issues detected
Conduct pre- and post-compliance examination reviews
Provide assistance with policy and procedure development and training

Foreign Corrupt Practices Act (FCPA) Regulatory Compliance Programs

Conducting business in an international economy brings with it specific risk considerations, even for nonpublicly held entities. Of those, the bribery of foreign officials and monitoring of foreign activities have the greatest potential for high-dollar litigation, regulatory enforcement action, and criminal prosecution against organizations that conduct business internationally. Enacted in 1977, the Foreign Corrupt Practices Act has laid the groundwork for multimillion dollar settlements and numerous criminal convictions of noncompliant organizations. An organization is at risk not only from the actions of its employees, but also from the actions of third parties such as agents, distributors, partners, freight forwarders, customs brokers, or any person acting on the organization’s behalf. Potential enforcement penalties include criminal fines for the organization, criminal fines and imprisonment for individuals (including individuals with no actual knowledge or direct involvement in the alleged violation), and regulatory enforcement actions. Implementing a functioning proactive compliance program mitigates both your risk of a violation occurring or potential penalties in the event of a violation.

HIPAA Security Assessment

The HIPAA security regulations have caused organizations to scrutinize how they secure and employ their information technology. In response, progressive health care organizations have engaged Wipfli to assist with HIPAA compliance and to use the opportunity to improve information technology management. Our HIPAA Security program is not “one size fits all.” Wipfli will work with you to develop an approach that best fits your organization. Some of the steps in the program are as follows:

Review the administrative, physical, and technical safeguards
Provide an assessment report comparing organization to similar organizations
Conduct a risk assessment for identifying changes required in the organization
Prepare an action plan to address identified risks including strategies for achieving and maintaining compliance
Draft security policies and procedures
Prepare education and training programs required to meet HIPAA’s training requirements
Perform a final compliance review

View all Risk Management solutions

Featured Success Story

American National Bank Fox Cities. Wipfli helps implement a risk management program.

Implementing an extensive risk management progam that included standards affecting administrative, technical, and physical safeguards.

Read More

Subscribe to Industry News: