Governance, Risk & Controls

DLA’s Governance, Risk & Controls practice serves as a strategic partner to help organizations strengthen governance frameworks, manage risk, enhance compliance, and optimize business and technology controls. Our integrated approach combines deep expertise across Internal Audit, Enterprise Risk Management, Technology Risk, and Cybersecurity to deliver comprehensive, risk-based solutions tailored to each client’s needs.

We help clients establish efficient controls, implement leading-edge practices, and build reliable programs that proactively address evolving regulatory requirements and operational risks.

Through a focus on resilient governance and security frameworks, we support organizations across industries, including finance, legal services, manufacturing, private equity, and real estate, strengthening control environments and driving sustainable, long-term value.

Cybersecurity

DLA helps clients design, build, evaluate, and test cyber programs, including analyzing their cyber strengths and weaknesses, remediating known vulnerabilities, protecting critical assets and data, and reducing risk to the organization. Our service offering in this space includes:

    • Cybersecurity risk and compliance assessments:
      • Comprehensive technical assessments to reduce the risk of cyber threats
      • Maturity assessments against best practices (NIST CSF, CIS, ISO)
      • Compliance assessments against regulatory requirements (SEC, PCI, HIPAA)
    • Cloud security assessments:
      • In-depth review of the configuration, security controls, and services within cloud environments (M365/Azure, AWS, Google)
    • Vulnerability and penetration testing:
      • Scanning to identify potential system, hardware and software weaknesses
      • Technical testing and attack simulation to determine if weaknesses are exploitable
    • Application security testing:
      • Technical testing targeting web and cloud-based applications
    • Cyber & technology due diligence:
      • Assessments to evaluate the IT and cyber maturity of a target organization in preparation for an acquisition or investment
    • Virtual CISO:
      • Executive advisory services focused on the strategic design and implementation of cybersecurity programs
    • Resiliency management:
      • Advisory and assessment services to enhance business continuity, disaster recovery, and incident response capabilities
    • Third-party risk assessments:
      • Security maturity assessments of third parties and supply chain partners

Enterprise Risk Management

Enterprise Risk Management (ERM) is the process of managing the activities of an organization to minimize risk to its strategic initiatives, capital, and earnings. ERM includes risks not only associated with accidental losses but also with financial, strategic, operational, and compliance issues. We also provide comprehensive support for the development and review of various regulatory framework submissions, such as ORSA (Own Risk Solvency Assessment) and others.

The Corporate Governance Benchmarking and Best Practices services focus on helping clients assess and understand how the board and senior management execute their responsibilities, including new strategic vision, and become more effective and efficient.

DLA has deep experience performing risk assessments to guide clients through the entire ERM process. We work closely with our clients’ management teams to perform risk assessments and design custom solutions.

A risk assessment is the basis for an effective internal audit strategy. DLA helps anticipate problems, as well as avoid, accept, share, or transfer them if they do occur. Given that risk assessment is the foundation for an effective internal audit strategy, a well-thought-out strategy helps companies not only prioritize their internal audit efforts but also reach corporate strategic goals, improve profitability, and identify compliance needs to meet governmental regulations and applicable laws.

Organizations that vigorously interpret the results of their risk assessment process set the groundwork for establishing an effective ERM program and are better positioned to capitalize on opportunities as they arise.

Fraud Assessment

The COSO 2013 Framework requires companies to consider the potential for fraud in assessing risks to the achievement of their objectives. In evaluating the risk of fraud, companies are required to consider various types of fraud, such as incentives and pressures, opportunities, attitudes, and rationalizations. Our team:

  • Identifies the wide-ranging types of frauds
  • Identifies examples of specific fraud schemes for each type of potential fraud
  • Identifies the company’s activity-level and entity-level controls
  • Assesses the relative probability and potential magnitude of the identified types of fraud
  • Assists with the design of potential enhancements to help mitigate the risk of fraud

IPO Readiness

Being prepared for the demands placed on a public company prior to an IPO is crucial. At DLA, we provide IPO readiness services to ensure that the presentation of financial statements and other financial data meet all disclosure requirements. Typically, pre-IPO companies need to create an organizational and back-office infrastructure with the appropriate internal control and regulatory compliance structure required for publicly traded companies, including:

  • Effective corporate governance policies and procedures
  • Optimized organizational structure and effective processes to support future growth
  • Efficient and effective policies and procedures with appropriate internal controls
  • Complete and accurate financial statements prepared on a consistent and timely basis
  • Robust financial and reporting systems
  • Comprehensive compliance structure to support regulatory requirements (i.e., Sarbanes-Oxley compliance)

Services include:

  • SOX Readiness, including coordination with independent auditors
    • Financial controls review coupled with the design and implementation of internal controls
  • Foreign Corrupt Practices Act (FCPA) compliance
  • IPO Process Project Management
  • Corporate Governance
    • Audit Committee Charter
    • Whistleblower Policy and Hotline
    • Examination of organizational processes and policies
    • Creation of an Internal Audit function (NYSE requirement), including the development of policies and procedures
    • Development of governance policies
  • Business Process Improvement
    • Business process assessment and design, including the creation of financial reporting and the quarterly/annual close process
  • Technology Assessment
    • Assess the company’s financial and reporting systems

IT Compliance

IT compliance is an integral component of every DLA internal audit process and is managed by an experienced Technology Advisory Services team who:

  • Assess IT risk and develop IT audit plans
  • Design IT Governance Structures and Processes
  • Document and test IT General Computer Controls and Computer Application Controls
  • Review and assess SOC reports, control exceptions, and client control considerations
  • Assess the control adequacy of IT Policies and Procedures
  • Evaluate the appropriateness and effectiveness of the IT Governance Model, IT Organizational Design, and IT Segregation of Duties
  • Identify internal control requirements, monitor control performance, and report on control compliance of IT change projects

IT Controls & Governance

Leveraging our team’s extensive information technology experience, we work with each client on an individualized basis, crafting tailored solutions that are determined based on each organization’s current needs and infrastructure. DLA’s IT Controls & Governance offering includes IT risk assessments, as well as helping organizations establish IT policies and procedures and designing IT controls frameworks. These services can be conducted as a readiness assessment or an audit depending on the specific needs of the client. Our service offering in this space includes:

  • Assist in the design and implementation of IT organization, governance, and strategy

  • Analyze existing IT organizational structures, roles, responsibilities, capabilities, and work allocation

  • Assess IT policies and procedures to ensure all critical areas of the IT organization are addressed and that they encompass adequate General Computer Controls and Computer Application Controls

  • Provide IT audit support for SOX 404 requirements

  • Develop IT policies and procedures

  • Test controls to ensure proper design and execution

  • Review and assess SSAE 18 SOC reports, control exceptions, and client control considerations

  • Identify internal control requirements, monitor control performance, and report on control compliance of IT change projects

IT Staffing Solutions

DLA supports your business success through interim and permanent staffing placement services, specializing in information technology and cybersecurity professionals across all industries. With a wealth of knowledge on how to effectively address our clients’ staffing needs, our approach is comprehensive and includes several key steps to ensure quality:

  • We start by working with our clients to gain a thorough understanding of their needs.

  • We leverage our extensive database and network, identifying candidates that not only have the necessary skills but also fit the unique workplace culture and requirements of our clients.

  • We handle all administrative aspects, from conducting thorough screening processes and managing onboarding, to performing detailed reference and background checks.

  • Once a candidate is onboarded, we continue to oversee their performance and fit with the organization, guaranteeing that our clients receive the highest standard of interim staffing solutions.

Operational Reviews

At DLA, we instill confidence in our clients by providing insightful advice on operational processes. We also conduct operational and IT reviews of third-party relationships and vendors to ensure they are compliant with critical contractual and performance-related requirements. We achieve this by staffing a multi-faceted team focused on ensuring compliance with formal and informal policies, procedures and controls while also adding value by sharing leading practices.

DLA uses a prescribed approach to an internal audit, which entails several phases:

  • Planning – In this phase, the objectives are clearly defined. This phase includes the creation of an audit program and identification of data analytics that can be performed prior to commencing audit testing to focus the internal audit on higher risk areas
  • Commencement Meeting – The purpose of this meeting is to ensure all company employees involved in the risk area, or who will be involved in or impacted by the review, are aware of the objective, timing, and requirements. Employees can also express concerns and make recommendations to improve the result of the review
  • Data Analytics – DLA uses several tools to perform data analytics on areas where data is applicable
  • Execution of the Audit Program – Manual procedures are performed by qualified auditors with the appropriate level of knowledge and experience to effectively perform the procedures and make recommendations for alternative procedures
  • Review of Observations and Findings with Management – We review all observations and findings with management to confirm the accuracy of those observations and findings. The primary objective is to gain consensus as to their merit in the internal audit report and to work collaboratively toward remedial steps
  • Reporting – Reports include an executive summary, background, scope, procedures, observation and findings, recommendations, and management responses. These reports will be reviewed with the Head of Risk Management & Internal Audit and then reviewed with process owners in detail and presented in summary to the Board of Directors

Outsourced / Co-sourced Internal Audit

At DLA, we have highly experienced internal audit specialists who come from varying backgrounds in both operational and audit roles. With expertise and deep knowledge across a variety of industries, we provide a value-added internal audit function that has proven exceptionally effective in maximizing independent auditor reliance on our work.

By employing a multi-disciplinary approach that allows us to engage the right resources for the right situation, our team of experts in internal control, technical accounting, forensics, technology, as well as process and efficiencies, all work together to deliver an unrivaled customer experience.

Our internal audit approach includes a vigorous discovery process, which includes benchmarking companies and investigating our clients’ roles in their respective industries. Our team stays in constant contact with our clients to share knowledge about industry issues and trends, SEC changes and any other information we may ascertain on new and relevant developments.

Co-sourced Internal Audit

DLA has performed hundreds of audits for our clients and is well suited to perform audit projects based on the needs of our clients. We establish that in-house auditors retain responsibility for the internal audit process, which, in turn, allows DLA to be called on to provide specialized technical skills and personnel. Our team provides support to companies that do not have the capacity to perform all the internal audit tasks. We offer internal audit independent external quality assessments, functional and transformation support, program assessments, operational and cybersecurity reviews and GRC software vendor assessment and implementation support.

Clients choose DLA because we provide a level of objectivity that in-house auditors often cannot. We leverage the broad knowledge and expertise of our clients’ internal audit resources and execute projects without adding staff. Our capabilities allow us to reduce the additional overhead associated with recruiting, training, administrating, facilitating and maintaining downtime for in-house auditors.

DLA focuses on providing Outsourced or Co-sourced Internal Audit, Sarbanes-Oxley (SOX) compliance, and other value-added risk management and compliance services. We can supplement a firm’s existing team or provide a fully outsourced approach.

Process and Systems Optimization

Process and Systems Optimization involves the assessment of people, processes, and technology from a strategic perspective. At DLA, we design sustainable and effective processes to maximize opportunities.

We work with businesses of all sizes across a variety of industries to assess cost structures, outsourcing and co-sourcing needs, internal controls, workflow, task allocation, post-merger integrations, and/or business performance. Creating an optimized business model with maximum efficiency is our focus.

Regulatory Compliance

Companies today are up against incomparable obstacles in the face of an explosion of complex financial and operational regulations. Scrutinizing and managing compliance with these laws can not only be all-consuming but often daunting, as constant monitoring of regulations can be overwhelming. However, the cost of non-compliance is significant, ranging from fines to irreparable damage to your firm’s brand reputation.

As an integral component of a company’s risk management framework, the regulatory compliance program is a company’s means for adhering to the laws, regulations, and guidelines that are relevant to its operations. As defined by the Federal Reserve Board (FRB) in SR 08-08 (which can be applied to all types of financial institutions), firmwide compliance risk management refers to the processes established to manage risk across an entire organization, both within and across business lines, support units, legal entities, and jurisdictions of operation. This approach ensures that oversight is conducted in a context broader than would take place solely within individual business lines or legal entities. Implementing a compliance program requires highly trained and experienced professionals who can address numerous requirements and implement and oversee compliance programs for organizations of all sizes.

At DLA, we work with organizations to develop, execute, and support economical regulatory compliance programs. By offering an efficient, risk-based approach to managing your compliance endeavors, our top priority is to safeguard stakeholder value and protect the value of your company’s brand and reputation.

Let DLA Help You Protect Your Business

By partnering with DLA, our clients:

  • Benefit from the deep expertise of DLA professionals who are highly experienced accountants, auditors, risk managers, and consultants
  • Realize the advantages of solutions tailored specifically to your institution’s individual size and needs
  • Experience immediate results based on our extensive knowledge base of industry-leading best practices
  • Gain access to experts across compliance, legal, risk management, and audit disciplines
  • Provide clients, regulators, leadership, and the board with excellence and personalized service

SOX Compliance and Controls Evaluation

We collaborate with management to create and implement a unique approach to corporate governance controls, SOX Sections 302/404 compliance, and other regulatory requirements, including those stipulated in the National Association of Insurance Commissioners (NAIC) Model Audit Rule, and many more. We are widely known for helping clients build out a supporting internal controls framework while helping them leverage their existing SOX program to address applicable regulatory requirements. We extend this approach to the operating, technology, software, and process areas to expand SOX into a sustainable business process and have an effective transition plan to minimize disruptions to new clients.

This approach allows us to:

  • Provide unique insight, value, and leading practices for SOX compliance
  • Offer “outside the box” recommendations to reduce cost and improve the process
  • Consider the current economic environment when developing the right SOX compliance approach
  • Coordinate compliance with independent auditors to fully understand the internal controls surrounding financial reporting for a firm
  • Foster a relationship that maximizes reliance by the company’s independent auditors on work performed by internal audit
  • Develop templates that improve the efficiency of the SOX compliance function, and which are reviewed and approved by all the Big Four and regional accounting firms
  • Deliver flexibility and responsiveness to the changing needs of organizations

Construction Services

DLA offers a comprehensive range of construction services to meet the needs of our clients. With years of industry experience, our dedicated team is committed to delivering high-quality workmanship and exceptional results.  

Below is a representation of construction service offerings we perform:

  • Forensic Investigations
  • Project Cost Reviews, including Evaluation of Overruns
  • Construction Project Audits and Reviews
  • Construction Project Management Monitoring
  • Construction Risk Assessments
  • Bank Loan Due Diligence
  • Existing Control Environment Walkthroughs and Evaluations
  • Construction Policies and Procedures Creation or Enhancements
  • Contractor’s Agreement Reviews for Necessary Provisions
  • Benchmarking against Peer Groups and Insights into Leading Construction Practices

Meet the Experts

PHILIP RAMACCA, CPA

SENIOR ADVISOR
P: 973-575-1565

KEITH SNYDER

CHIEF OPERATING OFFICER
P: 973-575-1565

MARIA GOLENKOV

PARTNER
Governance, Risk & Controls
P: 973-575-1565

PAUL HIGGINS

PARTNER
Governance, Risk & Controls
P: 201-213-5322

ERKHAN MURAD

PARTNER
Governance, Risk & Controls
P: 973-575-1565

DENNIS CHRISTOFORATOS

MANAGING DIRECTOR & CIO
Governance, Risk & Controls 
P: 973-575-1565

ALEX ISLAMOV

MANAGING DIRECTOR
Governance, Risk & Controls 
P: 973-575-1565

ERROL LABOSKY, CPA

MANAGING DIRECTOR
Governance, Risk & Controls
P: 973-575-1565

CHRISTIAN VARDELEON

MANAGING DIRECTOR
Governance, Risk & Controls
P: 973-575-1565

BRIANA D'AGATI, CPA

DIRECTOR
Governance, Risk & Controls
P: 973-575-1565

KEVIN GRAY

DIRECTOR
Governance, Risk & Controls
P: 973-575-1565

SPENCER JAVRAS

DIRECTOR
Governance, Risk & Controls
P: 973-575-1565

ORLANDO PAULINO

DIRECTOR
Governance, Risk & Controls
P: 973-575-1565

RHETT WILMOT

DIRECTOR OF STAFFING - TECHNOLOGY
Governance, Risk & Controls
P: 973-575-1565