Internal Audit & Risk Advisory Services
The core focus of DLA’s Internal Audit & Risk Advisory practice has been to offer companies Outsourced or Co-sourced Internal Audit & Risk Advisory and Sarbanes-Oxley (SOX) compliance, in addition to risk management and compliance support. Our suite of services enables clients to leverage our expertise in order to establish efficient controls, leading-edge practices, and a reliable Internal Audit and Risk Advisory program. Our extensive Internal Audit & Risk Advisory experience allows us to create tailored programs that are industry-specific and risk-based.
Anti-Money Laundering Compliance
DLA partners with its clients in a cost-effective manner to ensure that they can keep pace with the challenges of Anti-Money Laundering compliance. DLA provides a wide variety of consultative services designed to assist an organization in all aspects of Anti-Money Laundering (“AML”)/Bank Secrecy Act (“BSA”) compliance.
AML and Bank Secrecy Act Compliance
At DLA, we can assess AML and BSA processes and develop target operating models, which can significantly improve capability and effectiveness. We can also provide highly effective AML compliance program management, delivery, implementation, and remediation services.
We have significant expertise in the full range of financial crime prevention:
- Know Your Client (KYC) procedures
- Performing customer due diligence (CDD)
- Enhanced due diligence (EDD)
- Know your Transaction (KYT) procedures
- Transaction monitoring alert analysis and review
- Drafting suspicious activity reports (SARs)
- Office of Foreign Assets Control (OFAC) screening
- Sanctions monitoring
Our AML professionals are experts in delivering and supporting a comprehensive AML and BSA Program through effective:
- Program creation, framework, and schedule
- Program remediation and reporting
- Documentation creation
- Strategy and board reporting
- Independent AML compliance program testing
- Design and implementation of AML/CTF Risk Assessments
- Regulatory examination coordination and response
- Transaction monitoring software implementation and support
Enterprise Risk Management
Enterprise Risk Management (ERM) is the process of managing the activities of an organization to minimize the risk to its strategic initiatives, capital, and earnings. ERM includes risks not only associated with accidental losses but also with financial, strategic, operational, and compliance issues.
The Corporate Governance Benchmarking and Best Practices services focus on helping clients assess and develop an understanding of how the board and senior management execute their responsibilities, including new strategic vision, and become more effective and efficient.
DLA has deep experience performing risk assessments to guide clients through the entire ERM process. We work closely with our clients’ management teams to perform risk assessments and design custom solutions.
A risk assessment is the basis for an effective internal audit strategy. DLA helps anticipate problems, as well as avoid, accept, share, or transfer them if they do occur. Given that risk assessment is the foundation for an effective internal audit strategy, a well-thought-out strategy helps companies not only prioritize their internal audit efforts but also reach corporate strategic goals, improve profitability, and identify compliance needs to meet governmental regulations and applicable laws.
Organizations that vigorously interpret the results of their risk assessment process set the groundwork for establishing an effective ERM program and are better positioned to capitalize on opportunities as they arise.
The COSO 2013 Framework requires companies to consider the potential for fraud in assessing risks to the achievement of their objectives. In evaluating the risk of fraud, companies are required to consider various types of fraud, such as incentives and pressures, opportunities, attitudes, and rationalizations. Our team:
- Identifies the wide-ranging types of frauds
- Identifies examples of specific fraud schemes for each type of potential fraud
- Identifies the company’s activity-level and entity-level controls
- Assesses the relative probability and potential magnitude of the identified types of fraud
- Assists with the design of potential enhancements to help mitigate the risk of fraud
Being prepared for the demands placed on a public company prior to an IPO is crucial. At DLA, we provide IPO readiness services to ensure that the presentation of financial statements and other financial data meet all disclosure requirements. Typically, pre-IPO companies need to create an organizational and back-office infrastructure with the appropriate internal control and regulatory compliance structure required for publicly traded companies, including:
- Effective corporate governance policies and procedures
- Optimized organizational structure and effective processes to support future growth
- Efficient and effective policies and procedures with appropriate internal controls
- Complete and accurate financial statements prepared on a consistent and timely basis
- Robust financial and reporting systems
- Comprehensive compliance structure to support regulatory requirements (i.e., Sarbanes-Oxley compliance)
- SOX Readiness, including coordination with independent auditors
- Financial controls review coupled with the design and implementation of internal controls
- Foreign Corrupt Practices Act (FCPA) compliance
- IPO Process Project Management
- Corporate Governance
- Audit Committee Charter
- Whistleblower Policy and Hotline
- Examination of organizational processes and policies
- Creation of an Internal Audit function (NYSE requirement), including the development of policies and procedures
- Development of governance policies
- Business Process Improvement
- Business process assessment and design, including the creation of financial reporting and the quarterly/annual close process
- Technology Assessment
- Assess the company’s financial and reporting systems
IT compliance is an integral component of every DLA internal audit process and is managed by an experienced Technology Advisory Services team who:
- Assess IT risk and develop IT audit plans
- Design IT Governance Structures and Processes
- Document and test IT General Computer Controls and Computer Application Controls
- Review and assess SOC reports, control exceptions, and client control considerations
- Assess the control adequacy of IT Policies and Procedures
- Evaluate the appropriateness and effectiveness of the IT Governance Model, IT Organizational Design, and IT Segregation of Duties
- Identify internal control requirements, monitor control performance, and report on control compliance of IT change projects
At DLA, we instill confidence in our clients by providing insightful advice on operational processes. We achieve this by staffing a multi-faceted team focused on ensuring compliance with formal and informal policies, procedures and controls while also adding value by sharing leading practices.
DLA uses a prescribed approach to an internal audit, which entails several phases:
- Planning – In this phase, the objectives are clearly defined. This phase includes the creation of an audit program and identification of data analytics that can be performed prior to commencing audit testing to focus the internal audit on higher risk areas
- Commencement Meeting – The purpose of this meeting is to ensure all company employees involved in the risk area, or who will be involved in or impacted by the review, are aware of the objective, timing, and requirements. Employees can also express concerns and make recommendations to improve the result of the review
- Data Analytics – DLA uses several tools to perform data analytics on areas where data is applicable
- Execution of the Audit Program – Manual procedures are performed by qualified auditors with the appropriate level of knowledge and experience to effectively perform the procedures and make recommendations for alternative procedures
- Review of Observations and Findings with Management – We review all observations and findings with management to confirm the accuracy of those observations and findings. The primary objective is to gain consensus as to their merit in the internal audit report and to work collaboratively toward remedial steps
- Reporting – Reports include an executive summary, background, scope, procedures, observations and findings, recommendations, and management responses. These reports will be reviewed with the Head of Risk Management & Internal Audit and then reviewed with process owners in detail and presented in summary to the Board of Directors
Outsourced / Co-sourced Internal Audit
Outsourced Internal Audit
At DLA, we have highly experienced internal audit specialists who come from varying backgrounds in both operational and audit roles. With expertise and deep knowledge across a variety of industries, we provide a value-added internal audit function that has proven exceptionally effective in maximizing independent auditor reliance on our work.
By employing a multi-disciplinary approach that allows us to engage the right resources for the right situation, our team of experts in internal control, technical accounting, forensics, technology, as well as process and efficiencies, all work together to deliver an unrivaled customer experience.
Our internal audit approach includes a vigorous discovery process, which includes benchmarking companies and investigating our clients’ roles in their respective industries. We also stay in constant contact with our clients to share knowledge about industry issues and trends, SEC changes and any other information we may ascertain on new and relevant developments.
Co-sourced Internal Audit
DLA has performed hundreds of audits for our clients and is well suited to perform audit projects based on the needs of our clients. We establish that in-house auditors retain responsibility for the internal audit process, which, in turn, allows DLA to be called on to provide specialized technical skills and personnel. Our team provides support to companies that do not have the capacity to perform all their internal audit tasks.
Clients choose DLA because we provide a level of objectivity that in-house auditors often cannot. We leverage the broad knowledge and expertise of our clients’ Internal Audit resources and execute projects without adding staff. Our capabilities allow us to reduce the additional overhead associated with recruiting, training, administrating, facilitating and maintaining downtime for in-house auditors.
DLA focuses on providing Outsourced or Co-sourced Internal Audit, Sarbanes-Oxley (SOX) compliance, and other value-added risk management and compliance services. We can supplement a firm’s existing team or provide a fully outsourced approach.
Process and Systems Optimization
Process and Systems Optimization involves the assessment of people, process, and technology from a strategic perspective. At DLA, we design sustainable and effective processes to maximize opportunities.
We work with businesses of all sizes across a variety of industries to assess cost structures, outsourcing, and co-sourcing needs, internal controls, workflow, task allocation, post-merger integrations and/or business performance. Creating an optimized business model with maximum efficiency is our focus.
Companies today are up against incomparable obstacles in the face of an explosion of complex financial and operational regulations. Scrutinizing and managing compliance with these laws can be not only all-consuming but often daunting, as constant monitoring of regulations can be overwhelming. However, the cost of non-compliance is significant, ranging from fines to irreparable damage to your firm’s brand reputation.
As an integral component of a company’s risk management framework, the regulatory compliance program is a company’s means for adhering to the laws, regulations, and guidelines which are relevant to its operations. As defined by the Federal Reserve Board (FRB) in SR 08-08 (which can be applied to all types of financial institutions), firmwide compliance risk management refers to the processes established to manage risk across an entire organization, both within and across business lines, support units, legal entities, and jurisdictions of operation. This approach ensures that oversight is conducted in a context broader than would take place solely within individual business lines or legal entities. Implementing a compliance program requires highly trained and experienced professionals who can address numerous requirements and implement and oversee compliance programs for organizations of all sizes.
At DLA, we work with organizations to develop, execute, and support economical regulatory compliance programs. By offering an efficient, risk-based approach to managing your compliance endeavors, our top priority is to safeguard stakeholder value and protect the value of your company’s brand and reputation.
Let DLA Help You Protect Your Business
By partnering with DLA, you will:
- Benefit from the deep expertise of a team that comprises DLA professionals who are highly experienced accountants, auditors, risk managers, and consultants
- Realize the advantages of solutions tailored specifically to your institution’s individual size and needs
- Experience immediate results based on our extensive knowledge base of industry-leading best practices
- Gain access to experts across compliance, legal, risk management, and audit disciplines
- Provide clients, regulators, leadership, and the board with excellence and personalized service
SOX Compliance and Controls Evaluation
We collaborate with management to create and implement a unique approach to corporate governance controls, SOX Sections 302/404 compliance and other regulatory requirements. We extend this approach to the operating, technology, software, and process areas to expand SOX into a sustainable business process and have an effective transition plan to minimize disruptions to new clients.
This approach allows us to:
- Provide unique insight, value, and leading practices for SOX compliance
- Offer “outside the box” recommendations to reduce cost and improve the process
- Consider the current economic environment when developing the right SOX compliance approach
- Coordinate compliance with independent auditors to fully understand the internal controls surrounding financial reporting for a firm
- Foster a relationship that maximizes reliance by the company’s independent auditors on work performed by internal audit
- Develop templates that improve the efficiency of the SOX compliance function, and which are reviewed and approved by all the Big Four and regional accounting firms
- Deliver flexibility and responsiveness to the changing needs of organizations
Meet the Experts
PHILIP RAMACCA, CPA
PRESIDENT & COO
CHIEF ADMINISTRATIVE OFFICER
Internal Audit & Risk Advisory Services Practice Leader
MOSES NAM, CPA, CISA
MANAGING DIRECTOR & CIO