Advisory Services

Johnson Lambert's Business Advisory Services (BAS) team works with our clients to improve their risk profile. We leverage our deep industry knowledge to efficiently scope your engagement to focus on the highest-risk areas. Our BAS team will work with you to customize our approach and roles based on your specific requirements. Whether your audience is management, stakeholders, or customers and their auditors, we provide insightful and action-oriented deliverables. Our advisory services include but are not limited to the following:

CyberSecurity Assessment

CyberSecurity risk affects all companies regardless of size or complexity. Government agencies have created frameworks that are not currently mandated but are strongly recommended to reduce cyber risk. We have seen proposed updates to the Financial Condition Examiners Handbook guidance that address cybersecurity considerations for insurance companies. Our professionals will assess cyber processes and controls against applicable frameworks to provide a comprehensive view of vulnerabilities and a prioritized roadmap to enhance the risk mitigation and response strategies.

Enterprise Risk Management

Johnson Lambert’s ERM Consulting Services provides your organization with a jumpstart on an enterprise-wide risk assessment. Our ERM professionals will guide you through the process of managing risk on a comprehensive basis. We will aid your organization in creating a synthesis between your organization’s key functional areas that will create operational efficiencies while simultaneously increasing risk mitigation and risk awareness.

Risk Assessment and Gap Analysis

In the current competitive and regulated environment, organizations need to challenge their risk management processes to define emerging risks and identify opportunities. We have the knowledge and expertise to work with you to improve your risk assessment process, provide a meaningful gap analysis, and recommend risk mitigation strategies.

Role Based Access Control

While user access security has always been a concern, regulations and more stringent privacy laws have imposed new levels of confidentiality requirements on health care, insurance, and financial institutions. At Johnson Lambert, we assist in evaluating and enhancing user administration processes to help manage, segregate, monitor, and control user access across the organization.

Business Continuity (BCP) & Disaster Recovery Planning (DRP)

An effective business continuity plan (BCP) minimizes financial losses and protects an organization’s reputation. As a full-service CPA firm, we understand the financial and IT-related consequences of system outages, and have the technical expertise to assist in the development, assessment, testing, and maintenance of a comprehensive BCP and supporting DRP.

Independent Verification and Validation

We perform an independent review of a third-party organization's compliance with a project’s contractual requirements. This includes reviews such as methodology alignment, project milestone and budget adherence, and product user and/or specification requirements achievement. This independent perspective of project activities promotes early detection of project variances, which allows the project team to implement corrective actions to align with agreed-upon expectations.

IT Process Documentation

To enforce quality controls and support consistent operational efficiency and effectiveness within the IT department, the IT processes, procedures, and workflows should be documented for support team utilization. Our team's expertise in IT operational risk and controls helps to document a control-based, efficient, and effective IT process and procedure that aligns with your business requirements, regulatory compliance, and strategic success factors.

COSO Implementation

Our experienced team will go beyond mapping internal controls to the new COSO framework, by ensuring the appropriate controls are implemented and level of documentation is maintained for compliance, and by providing COSO framework awareness and training. Additionally, we will evaluate the current and target levels of maturity for controls supporting each COSO principle, and assist with the development and execution of remediation plans to achieve these targets.

Fraud Risk Assessment

All parties are subject to fraud risk and should assess inherent risk areas, evaluate the likelihood and significance of fraud risk, and determine which control procedures should be implemented.  Our team can support your fraud risk assessment by evaluating the control environment, including: morale, management involvement, incentive structure, training, and code of conduct awareness, as well as business process fraud risk factors and control processes.

IT Effectiveness Assessment

This can be as broad or narrow as the client desires to assess operational improvement areas and understand how well business needs are being met.  Is the IT organization structured and responsive to business goals?  Are the delivery strategies aligned with company objectives, as evidenced through successful delivery of projects and ongoing operations?  We will review IT processes and procedures to identify where efficiency can be gained for stronger performance.

Vendor Contract Review

Contract analysis includes reviewing the spend detail, resource optimization, contractual and NDA compliance, intellectual property and training milestones, and status of the project/product to date. JL will determine discrepancies, and assistance will be given to reconcile errors including back credits, realignment of SLAs, commitment notification alerts, incident and problem management tracking and resolution, and delivery/acceptance support to ensure the product/results align with the final amended contractual agreement.

System (Pre/Post) Implementation Reviews

Whether you are considering implementing a new system or have already done so, conducting a system implementation review can help you achieve the full benefits of your investment. We have the expertise to conduct a review that will address all system development and maintenance life cycle phases.