Governance, Internal Audit and Controls (GIAC) Services

Our experts are global leaders in providing critical internal audit and control services. We help our clients respond effectively to the challenges of evolving risk profiles and rapidly changing regulatory requirements. Leveraging FTI Consulting’s broad and diverse network of highly experienced professionals, we create service teams with the optimal balance of audit, industry, process, technology and data analytic skills to address the unique needs and risks of each client. Not only do we continuously focus on all key risks, including, but not limited to, compliance and emerging risks, but we also work with management to determine actionable steps to improve overall governance. Our services include the following:

• Co-Sourcing – This provides access to industry expertise, global resources and specialized skills related to Business Process (“BP”) audit, Information Technology (“IT”) audit, data analytics and forensic analysis.
• Full outsourcing – Under a continuous full-service outsourcing arrangement, we serve as the Chief Audit Executive (“CAE”) of your organization. We perform an annual risk assessment and design an audit plan for approval by the Audit Committee. We then execute the audit plan, delivering tailored audits addressing the highest-risk areas.

Our key offerings include:

• Quality assurance and internal audit best practice reviews
• Data analytics and monitoring processes
• Controls risk assessments
• Risk management services
• Board assessments

We help organizations transform their information technology (“IT”) internal audit and compliance capabilities to better understand and manage IT risks and enhance value to the business. Our services include the following:

• IT general controls reviews
• Cybersecurity assessment services
• IT governance
• Information systems penetration testing and vulnerability assessments
• Pre- and post-implementation systems reviews
• Application audits and process reviews
• Segregation of duties assessments
• Disaster Recovery Plan (“DRP”) and Business Continuity Plan (“BCP”) development and evaluations
• Computer-assisted audit tools implementations

Sarbanes-Oxley (“SOX”) compliance can be a large task for many organizations in terms of cost, time and effort. While still adhering to current regulatory and best practices trends, our services provide a streamlined approach to SOX and the entire internal controls for financial reporting (“ICFR”) process. With our experienced industry and control experts, we leverage the use of technology to assist organizations in meeting their control requirements. Our services range from working with the overall Initial Public Offering (“IPO”) team implementing SOX to working with organizations to improve efficiencies in the SOX program. Our services include the following:

• Conducting SOX readiness assessments for pre-IPO companies
• Creating scoping and risk assessment documentation
• Documenting and testing business process (“BP”) and information technology (“IT”) controls
• Optimizing the overall SOX program approach
• Executing testing for management on an outsourced or co-sourced basis
• Assisting with the integration of SOX programs during mergers and acquisitions
• Helping clients with cost reduction and operational efficiency initiatives, including the selection and implementation of SOX software tools

Organizations continuously look to enhance their overall risk and related financial reporting processes through cost-beneficial technology. Our firm assists organizations in software implementations of various vendor tools. One of our key partnerships is with Workiva, which has more than 3,000 global organizations that use its cloud platform to transform data collaboration, finance, operations, controls and reporting processes. Our team is confident the implementation of these modules helps companies make better-informed decisions while reducing risk. We help clients implement the following solutions:

• Controls management
• Internal audit
• Financial/SEC reporting
• Insurance statutory reporting
• Global statutory reporting
• ESG reporting
• Management reporting

Regardless of where your organization is on the ESG maturity continuum, it is important to ensure proper focus and control over key ESG information. Moreover, with the enhanced focus by internal and external stakeholders on ESG activities, it is vital to an organization’s overall business performance that ESG risks and opportunities are accurately identified, addressed and reported. Our team of ESG Subject Matter Experts (“SMEs”) is knowledgeable in ESG-related guidance and requirements. Together with our Governance, Internal Audit and Controls (“GIAC”) team, our SMEs help organizations maintain proper focus on material ESG risks.

Our services align with the transparency and documentation provided by Sarbanes-Oxley (“SOX”) compliance programs. This includes addressing the key components of the 2013 Committee of Sponsoring Organizations (“COSO”) internal control framework. Our services range from the following:

• Independent assessment of ESG risks, processes and controls
• Create a scoping and materiality assessment of risks and mapping such of key processes
• Documentation and testing of ESG controls
• Identification of ESG control gaps and remediation recommendations
• Recommendations to enhance or change ESG disclosures
• Recommendations to leverage technology in the ESG process

Many states have adopted the National Association of Insurance Commissioners (“NAIC”) Managing General Agents Act, requiring companies to perform a review at least annually. The requirements are comprehensive, setting standards in areas including operations, management, underwriting and claims handling. Insurers delegating underwriting authority to Managing General Agents (“MGAs”), Managing General Underwriters (“MGUs”) or Program Administrators (“PAs"), without having the infrastructure in place to monitor compliance by these organizations, cannot effectively control this business. Our services cover multiple lines of business and classes of business, including, but not limited to, property and casualty, professional lines, warranty, accident and health. A dedicated team of audit professionals with extensive experience working with large and small carriers executes these offerings. Our services include the following:

• Financial and operational inspections
• Technical underwriting examinations
• Technical claims examinations

With a diversified group of governance and control specialists, our team provides expert advice and independent assessments of internal control environments, governance and board structures, and organizational adherence to key regulatory requirements. Our team assists senior management, boards, internal and external counsel and regulators in addressing and remediating control weakness, as well as leading investigations to determine the genesis of control breakdowns.