• Advisory Services

    BGM Advisory Services
BGM Email Icon

Risk Assessment Services

Boeckermann, Grafstrom & Mayer, LLC offers risk assessment services via its subsidiary, AC3.

AC3’s Risk Assessment Groups are multidisciplinary teams that bring vast experience, skills, and resources to benefit our clients and exceed their high expectations. We apply our unique methodology and state-of-the-art technology to provide a full range of capabilities to our clients.

Internal Audit

AC3’s internal audit methodology represents a compendium of best practices based on our practitioners’ many years of industry experience, including:

  • Processes and procedures that comply with the Institute of Internal Auditors (IIA) and other industry standards. We utilize state-of-the-art technology and industry-specific best practices to improve efficiency and produce results.
  • Reporting that includes not only control weaknesses, but also the acknowledgment of positive practices and value-added insights.
  • A staffing model that includes professionals with the requisite experience that our clients need.
  • Embedded quality-assurance processes and procedures.
  • The flexibility to implement specific methodology components, or reorganize methodology steps, to align with Internal Audit Management goals and preferences.

Our seven-phase process was developed by our internal audit professionals and will be customized to integrate your company’s existing methodology to precisely meet your needs. We begin each internal audit engagement by obtaining a detailed understanding of your business processes and infrastructure, performance measures, purpose and strategy, governance, professionals and culture, industry, and other factors influencing your business. Based on this in-depth knowledge, we define the universe of auditable entities and develop a risk model. This process enables us to deliver against the audit plan, in addition to providing insight that is based upon our findings.

Sarbanes-Oxley 404

The Sarbanes-Oxley Act of 2002 has imposed several new reporting requirements on public companies.

  • Are you confident that your company’s response is adequate and cost-efficient in meeting these new requirements?
  • How will you find the time and do you have the knowledge to effectively document, evaluate, and test your internal controls over financial reporting and disclosure?

Assurance Consulting 3, Inc. can help. Using our comprehensive tools and techniques that are specifically tailored for small to medium-sized companies, we can document, evaluate and test your internal processes, systems, and controls in advance of your auditors.

AC3’s professionals have significant experience in financial accounting, IT management and audit, ranging from 5 to 20 years per individual. Our success in helping companies like yours is the result of our ability to deliver quality service at attractive, value-added rates. As former “Big 4” auditors, we possess the competence and objectivity for both management and your external auditors to rely on our work. This results in a more efficient audit by your external auditors, a greater chance of a “clean” opinion, and the lowest audit fees possible.

Given the current market for SOX readiness projects, AC3’s rate structure is targeted at clients seeking to reduce their overall compliance costs.

  • Readiness/Compliance
  • Ongoing Compliance
  • Streamlining & Efficiency

IT Audit

In conjunction with AC3’s internal audit and Sarbanes-Oxley readiness methodologies, our risk-based approach to IT auditing has been fine-tuned. We focus on only those applications and environments that pose the greatest risks. AC3’s IT audit methodology has been developed to fully integrate with our internal audit and Sarbanes-Oxley readiness methodologies to achieve the most efficient and effective testing approach. In addition, AC3’s IT audit methodology was designed to bridge the gaps between IT leadership, internal audit, and external auditors.

In addition to traditional IT audit capabilities, AC3’s IT Audit Group has substantial expertise in several value-added services including:

  • Web Security
  • Perimeter Security
  • Computer Forensics
  • Disaster Recovery Assessment and Testing
  • ERP/Systems Integration Implementation Assistance