Our global portfolio ranges from Saudi Aramco executives (MOU, negotiations) to John Deer Innovation or Monsanto, to the Kellogg Foundation or UK and North American autism non-profits. As well as Medecins sans Frontieres, the Flying Doctors, UNESCO, and the UN Secretary General's office.
Because the world is such an inter-twined economic system, managing global markets is a critical path to financial performance for any Fortune 100 to 500 company. We help clients across an array of market verticals, using the same tactical and innovation skills we use for our National Defense and Technology consulting, grow market share, increase valuation and equity, and improve investor or customer satisfaction.
Audit: Integrating Cyber,
Finance and OPSEC
Integrated Risk Management in 2018 goes well beyond the traditional financial audit of earlier years. The best approach blends operational (OPSEC), financial (FAR and other compliance) and cyber or IT audit for a synchronized view of risk and controls.
We offer compliance strategy and actual servies in all three of these areas, with prime vendor relationships allowing us to meet any scope and size of enterprise requirement.
Why Integrated Audit is Critical
When Anthem/BC-BS was breached a couple of years ago, costing the company more than $200M total, it compromised almost one-third of American private health care and financial data. And this large cyber breach was not even caused by an Anthem employee, but by a downstream subsidiary's contract employee, opening a phishing email on a work lan.
Nonetheless, Anthem was responsible for safeguarding the private data of its customers throughout the lifecycle of the data's usage by Anthem: upstream and downstream. Anthem, under FISMA cyber rules, had ultimate responsibility for monitoring and ensuring the compliance of its sub-contractors, because it is a federally-funded entity for health care insurance purposes. Under federal FAR rules, every prime has ultimate responsibility for the actions or failures of every sub-contractor.
And even though Anthem was passing financial audit, its executive team was not viewing a 'cohesive, systems view' of COMPLETE ENTERPRISE RISK: cyber + finance + operations (OPSEC). Either a cyber or an OPSEC audit would have revealed the training and control deficits of the Anthem sub-contractors.
We provide audit evaluation, federal certification strategy and solution development, audit strategy and compliance services. Cloudera is one of our favorite tools for mapping end-to-end data and cyber architecture or solution components, for true visualization of risk and audit impact. We believe it is unwise and impractical to separate financial audit, from cyber and operational audit.