Our clients are facing an increasingly complicated environment of ever-changing laws, regulations, and standards resulting in operational and organizational risks. Additionally, ensuring that data, documentation and systems have sufficient integration of controls and risk-mitigating procedures requires steady navigation.  Alta Via works with clients to optimize processes, procedures, protocols, and people, executing risk management and compliance in an efficient, traceable, and integrated manner.

 

What We Do:

Our subject matter experts (SMEs) have the depth and breadth of knowledge to address the complex task of ensuring compliance for existing business processes and information technology solutions. Alta Via consultants review your unique business environment, tailor a methodology, and establish an infrastructure to manage risk. An executable compliance and risk management infrastructure incorporates the retention, consolidation, integration and/or development of compliance documentation, alignment to end-to-end business processes, and business narratives/cycle memos, and builds upon existing policies, procedures, and governance foundations. Once in place, this compliance infrastructure will be leveraged to support business process improvement and ongoing audit and compliance-related programs, and will serve as a framework for future risk management.

Compliance and Risk Infographic

 
How We Do It:

Identify key compliance and risk areas applicable to your business operations and environment.

Evaluate existing frameworks that serve as sources for key risks and controls (e.g., Annual Statement of Assurance (ASoA) / Managers Internal Control Program (MICP)).

  • Establish a baseline of risks, risk-mitigating procedures and controls applicable to the operating environment
  • Document controls tested during audit engagements (Financial Statement, IT Audit, SOC, Oversight entities)

Leverage ongoing efforts to continually assess and update key business processes, risks, and controls.

Develop, revise and refine a compliance and risk management infrastructure, incorporating processes, policies and procedures (retain and reuse):

  • Document process cycle memos sourced from SME discussions and walkthroughs.
  • Aggregate and catalog documentation and evidence provided.
  • Tie key compliance and control activities to enterprise architecture and/or business process models.

As process, risk and control details are updated and maintained within the risk management infrastructure, continue utilizing the gathered knowledge for ongoing efforts.

Implement an accessible knowledge repository, integrating lessons learned, best practices and remediation results, resulting in a more robust source for future audit efforts.

 
Expertise:
Alta Via Consulting assists organizations with a focus on internal assessment of risks, controls and compliance to fuel an efficient, traceable and integrated risk management environment.

 Compliance and Risk overview

Risk and Control Traceability 
Alta Via establishes a risk management baseline for our clients by identifying and aligning risks, risk-mitigating procedures and controls applicable to the operating environment. Gaps in controls are assessed and prioritized based on residual risk.
 
System Specific Risk and Compliance Analysis 
Alta Via identifies various information system security and compliance requirements and assesses the associated system controls. Examples of requirements reviewed include: RMF / FISMA, FFMIA, FISCAM/SOX 404, and TFM.
 
Policy & Process Compliance Management 
Alta Via manages an organization's risk management infrastructure by tying key compliance and control activities to various risks and requirements. By executing a one-control-to-many-risks/requirements approach, Alta Via incorporates processes, policies and procedures into an effective risk and compliance management solution. The assessments performed for one requirement and one control can be reused for multiple other requirements, resulting in a more robust source for future internal and external control assessment engagements.