Internal Audit and Compliance

Build an agile, change-ready culture of compliance.

Managing risk in the modern era goes well beyond controls and regulatory compliance, encompassing readiness for new accounting standards, automation and AI, data quality and business resilience. It requires the agility to respond to strategic business initiatives as well as emerging risks related to new business ventures and other large-scale organizational change. And it means internal audit and compliance leaders need an influential seat at the table to guide the management team’s effective response.

RGP is an agile partner with the skills, talent and flexibility to help you keep pace with these evolving demands. With deep industry experience and certifications including CPA, CIA, CISA and CFE, our consultants can support you across a broad range of industry-specific risk management, internal control and compliance issues.

A Collaborative, Integrated Approach

Whether you’re an independent small to mid-sized company or a multibillion-dollar publicly held entity, RGP gives you access to the right people with the right expertise to perform financial, operational and IT audits. We partner with your internal teams to execute the plans you develop internally or to create a customized audit program tailored for your organization’s needs.

Our Approach

Our multi-faceted approach to internal audit and compliance enables you to address regulatory issues and other financial and operational risks before they impact your business. We can assess your enterprise risks, then create and execute customized internal audit programs to address prioritized risk areas, including core business operations, fraud scenarios, IT vulnerabilities and more.

We enhance this approach with data analytics tools and bot-powered software for automated data gathering and control testing. Specific capabilities include:

Enterprise Risk Assessment
Working closely with your team, we combine our knowledge of inherent process risks with your company-specific insights to create a customized enterprise risk assessment (ERA). We’ll work with you to understand the impact and likelihood of risk events as well as the speed of onset. Your ERA can be used to develop an internal audit plan, serve as a foundation for broader ERM initiatives, or serve as a strong entity-level control for other compliance purposes.

Internal Audit Planning & Execution
Our flexible internal auditing model allows you to fully outsource internal audit activities or take advantage of co-sourcing or staff augmentation arrangements. With deep industry knowledge across a broad range of sectors, we‘ve built internal audit functions from the ground up as well as experience bringing new ideas to mature internal audit functions. We’ve recently added Power AuditTM to our arsenal of tools—an automated control testing approach, which uses bots to gather, prep and test controls in a highly efficient and customizable manner.

IT Audit & Information Security
Internal audit challenges often involve understanding complex technologies and adaptation to address new security and privacy compliance requirements. Our consultants have performed IT audits across a broad range of IT risk issues in different IT configurations and systems. Whether you’re running customized, internally developed applications or using standardized cloud-based offerings, we can help you address unmitigated risks.

Internal Controls/SOX Testing and Optimization
We help companies design, document and test their internal control environments across a broad range of industries, advising clients on pre-IPO readiness for SOX as well as supporting efficient execution of annual SOX compliance activities. We also have experience in controls rationalization and controls portfolio optimization.

Contract Audits
We can assess contract criteria and design compliance testing criteria and executive-friendly testing approaches, using data analytics technology whenever possible. Contract audits can also focus on assessing contractual content and opportunities for process improvement as well as enhanced protection clauses.

Compliance Audits and Programs
Compliance comes in many flavors, as organizations need to comply with external regulations as well as internal policies and risk tolerances. Our consultants have years of experience performing audits and assessment procedures, helping you to optimize your compliance posture, whatever that may be.

Cost Recovery Audits & Loss Prevention
Increased competition, new technologies, complex processes, limited resources, demanding supply chain and other operational challenges vastly impact your ability to safeguard vendor payables. Cash leakages may exist throughout the procure-to-pay process and, if left undetected, can result in material revenue loss ranging from .1% to .3%—or $1 million to $3 million—per $1 billion of spend. We help stakeholders identify root causes, develop strategic improvements and improve cash flow.

Our specialized consultants have the forensic audit and analytical expertise to identify control weaknesses within the most complex systems and processes.

SOC 1 and SOC 2 Readiness/Reports
RGP performs all forms of SOC assessment and reports (Type I and Type II). SOC 1 reports on the service organization’s controls related to its clients’ financial reporting. SOC 2 reports build on the financial reporting basis of SOC 1 and also require standard operating procedures for organizational oversight, vendor management, risk management, and regulatory oversight. We also execute delivery methods allowing you to leverage SOC controls assessment across a broad range of control compliance requirements, including Payment Card Industry data security standards and others.

External Quality Assessments
We can objectively assess your internal audit department, resources and skill levels with a top-to-bottom diagnostic review of your current internal audit function, using conformance criteria from the IIA’s Quality Assessment Manual.

Success Stories

Employee Spotlights

Our people make it all happen. Learn more about our collaborative, talented and diverse team.