Quick Links


Home > Services > Risk Assurance & Advisory

Risk Assurance & Advisory

Our Approach

The threats your business faces and the regulatory compliance requirements you must adhere to grow exponentially each year.  Armanino is here to provide you with an innovative, analytic and practical approach to managing your risk portfolio.  Our experts can help you address cybersecurity, privacy, SOC audit, SOX readiness and compliance concerns, and much more.  We will help your finance team and board of directors to sleep better at night, knowing that controls and monitoring programs are in place that align with your strategic goals.


Armanino can assist your organization with a variety of risk assurance and advisory services, including:

Business Continuity Planning & Management

A significant, sustained interruption of enterprise operations or information flow will have an adverse effect on any organization. Developing a sound business continuity and disaster recovery plan is crucial to preventing even a minor disruption from snowballing into a business catastrophe. An effective process model may prevent the emergence of a crisis.

Our Business Continuity Management team has deep experience in business continuity planning and understands the importance of complying with regulatory requirements and fiduciary responsibilities to avoid potential penalties and litigation.

We assist clients in identifying critical business processes and exploring strategies that include a process-oriented approach that incorporates a business impact analysis (BIA), a risk assessment, risk management and risk monitoring.

Our experts will help you build a strong business continuity plan that maps out an organizational structure with distinct roles and responsibilities and generates well-documented plans, including information technology, business relocation, manual workarounds and data restoration features.

Cybersecurity Services

All companies―regardless of size or industry―face a very real risk of cyberattack. Today’s executives need to think seriously about cybersecurity and what they are doing to protect themselves, their organizations and their customers .


Privacy Services

At Armanino, our consumer data privacy experts provide a range of solutions designed to help business leaders combat the quickly changing landscape of privacy and breach notification laws, and maintain compliance with new regulations.


Contract Compliance Audits

Armanino’s contract compliance audit professionals  are experienced in serving a variety of our firms' clients in areas such as royalties, licensing, distribution agreements, advertising, digital content and more.


Enterprise Risk Management

Risk often rises in tandem with change. An enterprise lacking in enterprise risk management (ERM) can become vulnerable, for example, when external certifications are needed to promote business competency, the organization is pursuing a new business venture, special projects arise, or a key accounting, IT or finance professional becomes unavailable for extended periods.

Being inadequately prepared for these events can lead to deteriorating financial performance, lost business opportunities, or even misrepresentations in financial statements.

At Armanino, our ERM framework centers on aligning risk management with enterprise objectives for long-term sustainability. This requires implementing a practical approach to enterprise risk control, one that is integrated with existing management processes, to:

  • Provide an enterprise-wide view of risk
  • Improve information for decision-making
  • Reduce costly surprises
  • Rationalize the cost of risk management
  • Contribute to long-term value creation and protection

Our subject matter experts in financial, operational and technological risks work with clients to design a cost-effective process with supporting policies to address specific risks, identify mitigating strategies, evaluate technology solutions for reliable reporting and monitoring, and implement the process successfully over time.

We concentrate on the appropriate business areas as efficiently and effectively as possible, creating customized risk models to help provide enterprise risk control throughout an organization.

Armed with a comprehensive and strategic assessment of their risk universe, our clients are well-positioned to evaluate how best to manage their business risks.

HITRUST Certification Services

Armanino employs a team of compliance experts who are certified to provide HITRUST CSF assessments  on your behalf. Our approach is to optimize your control programs and gain efficiencies for our clients by coordinating HITRUST and SOC controls where possible. 


Internal Audit

In an environment of increased risks ranging from misappropriation of funds to cyberattacks, strong internal controls have become a critical business practice for all companies, whether or not they are required to comply with Sarbanes-Oxley (SOX). Our internal audit specialists work with a wide variety of organizations to create more effective internal control structures and improve their operations.


ISO 27001

Armanino’s expertise in managing a broad array of risk management and certification programs for clients ensures that you will benefit from a cost-effective approach to ISO 27001 certification.


SOC Audit & SOC Compliance

Armanino has extensive experience with Type 1 and Type 2 SOC reports to fulfill all your SOC audit and SOC compliance needs.

Sarbanes-Oxley Act (SOX) Compliance

Armanino brings a unique approach to SOX compliance that provides you with a competitive edge and sets us apart from other service providers.


Third-Party Assurance/Vendor Risk Management

Clients want assurance that their vendors are protecting their data and assets with effective, secure third-party controls and risk management. Armanino is a leading provider of third-party assurance and vendor risk management services.



Transparency Into Supply Chain Risk

Managing supply chain risk has become an increasingly critical issue for companies and their stakeholders.

COVID-19’s Impact on Third-Party Risk Management

Organizations should evaluate potential vendor risk management issues associated with their third-party providers.

The GDPR and The CA Consumer Privacy Act: A New Privacy Landscape Emerges

Both these regulations apply to companies in a variety of geographies and across industries. Scrutiny of the way organizations manage consumers’ data privacy rights has never been higher. Our experts help you navig ...

Preparing for SOC Changes

SSAE 18 went into effect on May 1, 2017, and it superseded SSAE 16. SOC Audit Partner Liam Collins reviews the changes, as well as the change to SOC 2 reports beginning December 15, 2018.

Tech Company Gets Clean SOX Opinion and SEC Reporting with Armanino

Fast-growing tech company received a clean SOX opinion with no technical accounting issues and timely SEC reporting for better insights and future reporting requirements with Armanino’s GRC team.

The CFO’s 10-Step Guide to Sleep the First Year after Ringing the Bell

High growth entities should view IPO readiness not as a single, defining event, but as the CFO’s opportunity to create additional valuein the company lifecycle.

Converting Risk Into Opportunity: Leveraging SOC Reporting to Build Customer Confiden ...

SOC compliance requires time and effort, but it also provides an opportunity for service organizations to differentiate themselves in their marketplace.


Practice Leaders

Liam Collins


Related Experts