Risk & Business Advisory Services
The alignment of operational and technological investments with your business goals is critical. From high-level issues involving strategic decisions, controls and project management, to operational details concerning information security, the Risk and Business Advisory practice at Baker Newman Noyes can help you align your objectives with your overall business plan. Clients turn to us to help them enhance operational efficiency, mitigate risk through control enhancement, and improve strategic decision making.
Our professionals have extensive backgrounds in information technology controls, data processing, operations and security, along with highly effective project management skills. The practice includes CPAs, CISAs, CISMs, CITPs, and a PMP. In addition, the lead of our practice, Patrick Morin, recently received the prestigious Advanced SOC for Service Organizations Certificate from the Association of International Certified Professional Accountants.
Do you need help with increased process efficiency, cost reduction, cash flow improvement, project management, or process controls and quality? We provide the objectivity, process organization, technological know-how, and solutions you need. And our knowledge of a wide range of industries uniquely qualifies us to meet your requirements.
Learn more about how we can help you:
Questions on Business Risk Services? Contact our lead, Patrick A. Morin.
Internal Audit and Enterprise Risk Management
BNN advises organizations on their approach to designing and implementing an enterprise risk management function that is practical and cost-effective. We assist clients by providing internal audit services, which enable organizations to leverage our methodologies, technology and experienced professionals to deliver a proactive, risk-based function.
Audit and Assurance
SSAE-16 And Service Organization Control Reports
Innovations in technology and the reliance on third-party servicing have increased the need for Service Organization Control (SOC) reports by service organizations. The professionals in our Risk and Business Advisory practice assist clients in determining the appropriate SOC report for their organization. Our consultants have deep experience in performing SOC engagements, as well as SAS70s, their predecessor.
Agreed Upon Procedures
These projects are designed to test, verify or validate specific matters or processes on behalf of a set of stakeholders, such as management, the board, or third parties.
Payment Card Industry
Our experienced team of information security advisers helps merchants and service providers at all levels not only maintain compliance with PCI standards, but also mitigate technology-related risks to reduce overall risk levels.
HIPAA Privacy And Security
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires that health care organizations adopt specific standards related to medical privacy and data/transaction security. Our team creates needs-based solutions specific to your organization. These include gap assessments and mitigation guidance, project management methods, training and education, and full implementation management.
The Gramm-Leach-Bliley Act (GLBA) requires that financial institutions adopt specific privacy, security and policy-based standards. Clients turn to us for GLBA gap assessments, mitigation guidance, project management methods, education, and implementation management tailored to your organization.
We help ensure that your company is complying with all SOX 404 regulations. We will work with your organization to help create and implement new compliance programs and processes, or improve the effectiveness of your existing ones.
Technology Risk Management
Our team will assess your technology infrastructure, identify your potential risks and help you ensure your business systems are reliable and secure.
Disaster Recovery and Business Continuity Planning
We provide needs-based solutions and tailor disaster recovery and business resumption planning services to your organization.
Some of our services include:
- Reviewing existing Disaster Recovery and Business Continuity Plans
- Identifying gaps in existing plans
- Assessing business risk and impact of potential disasters
- Developing or expanding plans to remediate identified weaknesses
- Evaluating contracts with business continuity providers
- Identifying plan test strategies and scenarios
- Facilitating and leading tests of the plans
- Modifying and updating plans based on testing results
- Reviewing and updating plans on an annual basis
Business Advisory Services
Questions on Business Advisory Services? Contact our lead, Ilona Davis.
Business and Information Technology Strategy
Your IT strategy and business strategy should be working in conjunction with one another to help your organization conduct itself more efficiently. Our team will examine both areas, and help you find ways that your IT strategy can be used as a toolset for your business strategy. We’ll discover key technology tools that can be leveraged across your organization to enhance operational performance and reporting processes.
Depending on your organization’s needs, our team can perform these services separately, offering separate business and information technology strategies.
Governance and Organizational Review
Our team will review your company’s governance and organizational structure and conduct a thorough review of how the current structure and processes are affecting the overall culture and environment of your organization. We can also provide you with benchmarks to industry specific standards.
We take a close look at all areas of an organization, including:
- Management structure
- Governance due diligence
- Vendor due diligence
- Overall skill set structure
- Employee compensation benchmarks
Systems Selection and Implementation
Selecting and implementing a new mission-critical system represents a major strategic initiative that requires significant effort. We work with clients throughout the process. We are also vendor independent and deliver objective advice to meet your needs related to:
- Strategic planning
- Readiness assessment
- Software security evaluation
- System selection
- Project planning
- Software implementation review
Business Process Enhancement
Business Process Enhancement (BPE) seeks to help a company radically restructure itself by focusing on the fundamental design of its business processes. Holistic in nature, BPE stresses the idea that sometimes a radical redesign and reorganization of a business is necessary to lower costs and increase quality of service. Our team can help manage your organization’s BPE process, and assist you in planning, creating and instituting any new business goals or strategies.
Information Technology Assessment
An IT assessment is a high-level assessment of an organization’s IT department and operation from an enterprise-wide perspective. This type of assessment provides businesses with a high-level road map of recommendations that will increase efficiency.
Within this assessment, our Risk and Business Advisory practice will perform a review of:
- IT controls
IT assessments are particularly helpful for organizations that are growing quickly and/or have a need for IT to support business strategy.
Applications and Infrastructure Review
An infrastructure review is designed to help you ensure that your technology infrastructure is meeting the needs of your business. Our team will analyze your infrastructure, evaluate current processes and applications and deliver practical solutions. Our review will focus on productivity, data storage, application delivery, telecommunications and security.
Project Management Office
We know staying on track with projects is one of your main priorities. Our Risk and Business Advisory practice can help guide you through the process, ensuring you adhere to any set constraints, overcome any setbacks and come out on the other side of the project having achieved the desired goals.
We are also able to provide PMO services for short- or long-term initiatives. We provide insight, organization, budget management, resource management, and project tools.
Electronic Health Records (EHR) and Meaningful Use Review
Hospitals, nursing homes, physicians, and other health care organizations turn to BNN for professional, objective, and needs-based solutions. Our advisors have excellent and varied skills that include a blend of healthcare industry experience and information technology expertise; many of our staff formerly served in clinical and healthcare management roles.
We can help you with:
- EHR risk assessments
- Meaningful Use preparedness
- Strategic planning
- Readiness assessments
- Security evaluation
- System selection
- Clinical project planning
- Clinical charting
- Workflow redesign and documentation
- Implementation review
Pat began at Baker Newman Noyes in 1995 when the firm was founded, having previously been with one of our predecessor organizations since 1988. Pat is a principal of the firm and the director of the risk and business advisory practice.
Ilona has more than seven years of experience leading and coordinating the daily efforts for audit and consulting projects across numerous industries. She has provided a wide range of advisory services, including regulatory compliance and controls, IT and business risk management, service organization examinations including SSAE-16 engagements, IT strategy, system selection, IT security, IT audit and business process improvement.