OUR COMPANIES ARE UNDER INCREASING PRESSURE TO DEVELOP, IMPLEMENT AND MAINTAIN EFFECTIVE AND EFFICIENT GOVERNANCE AND RISK MANAGEMENT SYSTEMS
This is no longer just a compliance and regulatory requirement, but becomes crucial for planning and preventing the occurrence of risks, for improving and strengthening processes and, above all, for making informed business decisions.
It is also vital that governance, risk management and compliance models are aligned with the corporate strategy in order to create value for the company.
This is why our clients rely on RSM.
At RSM, we understand the complexity of the scenario our clients face and support them in getting the most value from their governance and risk management system. We achieve this by supporting the design, review and implementation of risk management and compliance solutions that are effective, yet practical, fit-for-purpose and efficient.
Our Services
We can work alongside our clients during design and implementation projects for internal control systems in accordance with national and international standards and frameworks, and we can act as an independent party in assessing how such control systems are defined (assessment of design and operational effectiveness).
Among the various areas we work on are:
- Design, audit and evaluation of policies and procedures and the internal control system
- Implementation of the Sarbanes-Oxley Act (SOx) compliance management framework (SOx readiness)
- Support to the Financial Reporting Officer, according to L. 262:2005, for the preparation of the framework of procedures and controls (so-called 262 readiness)
- Support for carrying out design evaluation and testing activities under the Sarbanes-Oxley Act (SOx) and L. 262:2005
The risk management process supports companies in preventing and resolving risks in various areas, improving their competitiveness, economic-financial management and general management. In the wake of this revolution, RSM has established a team dedicated to providing consultancy and operational support to identify and map critical areas and implement appropriate risk management systems.
Among the various areas we work on are:
- Design, audit and evaluation of risk management processes
- Building and updating the Enterprise Risk Management model of policies and related tools
In an ever-evolving age, in which organisations need to transform themselves while keeping up with their competitors, business processes must adapt, anticipating the necessary changes where possible. In this regard, RSM's specialists can support you in mapping your processes and controls, assessing them on the basis of risk-based approaches or in accordance with the main national and international standards, and they can also support you in evolving those processes and controls through Business Process re-engineering techniques.
There are many advantages to adopting business process outsourcing approaches; however, such an approach may entail additional risks if the service provider does not have an adequate internal control system in place.
RSM can help you define and develop an assurance scope of your service provider's or outsourcer's controls to be aligned with your business objectives and compliant with your regulatory and control requirements.
This includes:
- Ensuring that adequate controls are in place at your outsourcer to mitigate the main process or technology risks faced by your organisation
- Carrying out checks and audits (according to international audit standards such as ISAE 3402, ISAE 3000 or Agreed-Upon Procedures, AUP) for the purpose of certifying the internal control system or specific control objectives, also by issuing reports for the evaluation of the design (Type 1) or operational effectiveness over a defined time period (Type 2)
Below are the main attestations for which customers rely on RSM's specialist team:
SOC1 - The purpose is to assess a service provider's system of internal controls in order to provide assurance for financial reporting purposes.
SOC2 - The purpose is to evaluate a service provider's system of internal controls based on the criteria and principles "Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy" issued by the AICPA (Assurance Services Executive Committee). The SOC2 report aims to meet the needs of the various users who need to understand the internal control of a service organisation in relation to the specific criteria of security, availability, processing integrity, confidentiality and privacy.
SOC3 - The purpose is very similar to SOC2, responding to the SSAE 18 standard, in particular sections AT-C 105 and 205. It is an attestation issued in the form of a report by a licensed independent auditor concerning the internal control system implemented by an organisation offering outsourced services. The SOC3 provides assurance regarding security and confidentiality controls, in line with the AICPA Trusted Services Principles. This includes an opinion from an external auditor on the effectiveness of the operation of the controls.
We are familiar with the main practices and guidelines, having helped many organisations to develop or improve their Business Continuity Plans and Disaster Recovery Plans, and we support our clients in arriving prepared to handle unforeseen events through careful planning, testing and staff training.
Among the various areas we work on are:
- Support in conducting Business Impact Assessments of crisis scenarios on business processes deemed critical
- Design, audit and evaluation of Business Continuity and Disaster Recovery plans
- Design, audit and evaluation of the regulatory framework for crisis management
- Support in the preparation of the ISO 22301 management system and guidance through certification