Risk Audits & Assessments

Organizations face many risks in every department and at every level. Your organizational success depends on your ability to identify and mitigate these risks. Wipfli can help identify those risks and assist in managing risk levels within the organization.

Each organization is unique, as is each risk assessment. However, clients commonly receive risk assessment value from:

• Formal framework for the board and senior management to use in monitoring and managing risk
• Risk mitigation plans
• Better allocation of limited capital and resources
• Improved organizational performance
• Baseline for a three-year internal audit plan
• Meeting regulatory, exchange, or other compliance requirements

How much would you pay for a crystal ball on risk? At Wipfli, we do not believe in magic, but we do believe in helping clients create successful risk models. We define success as a model that is:  1) usable 2) useful in driving future activity, and 3) sustainable. So, whether your model requires a stochastic or deterministic output, or a quantitative or qualitative approach, or something in between, we can help you build, facilitate, and maintain your risk modeling. Let Wipfli make your crystal ball on risk a reality.  

Wipfli’s internal audit service helps management monitor its risk-management effectiveness on an ongoing basis. Our certified and seasoned professionals identify potential weaknesses and offer practical recommendations to improve internal controls and reduce risk. Whether outsourced, cosourced, or used on an as-needed basis, our internal audit services provide flexible delivery options.

Services:

• Internal control risk assessments
• Risk-based audit planning
• Operational audits
• Independent and objective analysis
• Special project needs
• Internal auditor training
• Internal auditor workpaper review and mentoring
• Advice and consultation on internal control issues, control design, and risk-reduction strategies

• Analyze third-party contracts
• Identify and assist in managing key risks
• Develop and maintain financial controls
• Perform detailed review of project documentation
• Avoid unnecessary costs
• Identify overcharges and avoid litigation

Though you strive to provide seamless customer service and transparency to your customers, customers still often request validation of your internal business process controls.  For this reason, you need to offer transparency of information with open auditing of customer-related records to meet and exceed customer expectations.  Wipfli can assist in providing an objective analysis of your business process controls.

The Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a guideline that allows service organizations to disclose their business control activities and processes to their customers and their customers’ auditors in a uniform reporting format.  A SAS 70 Audit is not a predetermined set of control objectives/activities that organizations must achieve.  However, a SAS 70 Audit allows organizations to demonstrate business control objectives.  It also provides the ability to evolve controls and increase the level of audit evidence, thereby demonstrating improvements to customers and business partners.

There are currently two types of SAS 70 examinations:

• Type I - Describes controls as of a specific point in time
• Type II - Includes the description and detailed testing of controls over a minimum six-month period

Our professionals take pride in their ability to offer personalized service to help you meet your organization’s goals. Your organization and industry are unique and should be treated as such. That is why Wipfli’s SAS 70 Audit services are scaled to fit your organization. Wipfli provides SAS 70 examinations for a wide variety of service organizations to:

• Assist in the documentation of business processes.
• Review business processes for control adequacy.
• Validate business processes through testing, which verifies the defined processes are consistently conducted in accordance with established policy and procedural guides and industry regulations (as applicable).

There are currently two types of SAS 70 examinations:

• Type I - Describes controls as of a specific point in time.
• Type II - Includes the description and detailed testing of controls over a minimum six-month period. 

Our information technology professionals provide IT examination services as one of their core services. The information technology examination function is critical to your organization's successful operation because it can identify risks and provide solutions to mitigate them. Our service provides thorough testing and detailed process evaluation over information systems by certified experts and experienced professionals.

Wipfli LLP’s IT examination services are designed to identify and evaluate the quantity of the risks and the quality of the controls and security measures in place over your information systems. The most critical objective of the information technology examination is an evaluation of the protection of critical assets within the information systems. Our procedures include:

• Information security
• Safeguarding nonpublic customer information
• Operational policies and procedures
• Management involvement and oversight
• Vendor management
• Business continuity planning
• Core processing systems
• Electronic funds transfer systems
• Network, personal computer, and firewall controls
• Electronic banking applications and controls