Wipfli logo

Regulatory risk and compliance

Menu

Manage your risk with tailored, proactive solutions

Rapidly advancing technology and an increasingly complex compliance landscape are disrupting risk management and compliance processes across industries. To secure your future and protect against threats today, you need to manage risk with confidence and efficiency.

The right risk strategy not only protects you but also drives productivity and profitability. The right team can ease the strain on your in-house operations and deliver guidance on the best governance, compliance and risk models to better protect your business.

Why Wipfli?

Wipfli’s integrated services can help you align your people, processes and technology in keeping your organization compliant and secure.

But more than that, we bring industry-specific expertise, so we deliver the latest information and best practices to you instead of the other way around.

When you partner with Wipfli, you can get broad, strategic advice, tangible road maps and specific compliance execution. Our services include: 

Internal audits

 

Whether you need support for your internal audit team or a hands-off solution, Wipfli can help. Our audit team brings extensive experience and an advisory mindset to help you identify your true risk and develop a tailored internal audit plan. We provide guidance — not just a checklist — for remediation so that you can determine what approaches and solutions suit your organization’s challenges and goals.

We can also support your organization with quality assurance reviews for internal audits. We work with your team to help gain insights into performance and the value of your internal audit function.

 

PCI compliance

Help ensure compliance with the Payment Card Industry (PCI) Data Security Standard with Wipfli. Our cybersecurity team doesn’t just help you identify gaps against standards, we also apply targeted solutions to help you maintain a secure environment.

ISO 27001

 

Wipfli has conducted ISO 27001 audits for a range of organizations and environments, and we apply those experiences and best practices to supporting your organization in achieving certification success.

When you leverage our team as a partner in your information security program, we truly get to know your organization and its challenges. We also conduct audits in the same manner your certifier will so that you’re prepared to provide your policies, procedures and supporting evidence.

 

 

HITRUST

 

As one of the longest-tenured HITRUST assessor firms, Wipfli is ready to help you define an accurate scope, identify controls and develop targeted solutions for any gaps. We work closely with your organization, taking time to understand your needs and guiding you through each step in the process.

 

RMAI compliance

 

As Receivables Management Association International (RMAI)-authorized audit providers, Wipfli understands the unique regulatory demands of the receivables industry. Our compliance professionals bring concentrated financial services industry knowledge and experience to assess your organization’s CRB and CRV certification readiness and complete your compliance audit.

 

Industry-specific compliance

 

Wipfli offers industry-specific regulatory compliance services for:

 

Our team

Durward J. Ferland, Jr., CISA, CISM, CRISC

Durward has extensive knowledge of System and Controls (SOC) auditing and the Control Objectives for Information and Related Technology (COBIT). Leveraging over 18 years of IT experience, he also regularly performs IT audits, IT general control reviews, and readiness assessments for organizations across many industries.

Durward Ferland, Partner, South Portland, Maine
Full profile

Sarah G. Lutzke, CIA

Sarah leads the internal audit service line for Wipfli. Still deeply involved with her clients, Sarah leads outsourced internal audit engagements and manages co-sourced arrangements, ensuring Wipfli’s risk management consulting assistance is tailored to the individual circumstances of each client. Sarah has the experience and ability to evaluate controls within a process and provide sensible recommendations to strengthen operating environments.

Lutzke, Sarah
Full profile

Karen Johnston, CCSFP, CIA, CISA, CCSFP-CHQP

Karen has more than 15 years of experience in public accounting and private industry. She applies her experience in risk advisory services and assists her clients in protecting and tailoring their business environment to mitigate risk, identify trends, increase efficiencies, and gain a competitive advantage.

Karen Johnston
Full profile

Let’s talk about enhancing your risk and compliance management.

Securing your data
How we helped one organization undertake both HITRUST and SOC audits successfully.
See their story
Key insights into regulatory, tariff and tax policy changes

Stay updated in 2025 on the impact of new policies and laws on your organization.

Visit our resource hub
Explore Wipfli risk articles
Third-party attestations and surprise exams: A practical guide for registered investment advisors
05/09/2025
By: Sarah K. Williams
Training: The foundation of excellence
04/23/2025
By: Stephanie Jennings
Back to basics: Fiduciary account reviews
04/10/2025
By: Cristina Deschaine
Read All Wipfli Insights
Wipfli - Perspective changes everything video
Our perspective drives growth

For more than 90 years, Wipfli has used our unique perspective to deliver practical yet transformational solutions to our clients. Our integrated approach helps mitigate risk, optimize performance and accelerate growth.

EVENTS
5/21/2025 12:00 PM
Boost sales and retention with Dynamics 365 for manufacturing
5/27/2025 10:00 AM
What a new executive director needs to know about finance
View All Wipfli Events
News
5/20/2025
Wipfli announces 13 new partners
5/12/2025
Wipfli Foundation announces 2025 grants and 20th anniversary
4/24/2025
Wipfli celebrates multiple wins at the Hermes Creative Awards 2025
Read All Wipfli News