The other day I was having lunch with an Internal Audit Director and was asked about my process when it comes to finding consultants I provide to my clients. My company is only as good as the consultants I can utilize. With my name attached to every project, clients rely on my ability to sort through the numerous resumes, IMs, and e-mails I receive so that only the best are left. To truly “add value” one must first find the wise among the fools.

After over two years of being in business, the number of friends and former associates left that I can utilize on projects has dwindled. Most have found full-time positions elsewhere which means I spend almost as much time networking with consultants as I do with Internal Audit Directors, CFOs, and the like. So how do I sort through them?

First Contact

First, they send a simple request for information. “Hey Thomas love what I see of you on LinkedIn, check out my profile, have any projects I could help you with?” A simple IM on LinkedIn. Harmless. I applaud them for reaching out.

Honestly, if I receive this I might just ignore it. They immediately start with an ask “check out my profile” instead of offering information “I have 8 years of experience with SOX”. But let’s say they get my attention, then I respond (after pleasantries) with “E-mail me your resume and…” I always try to include two asks in my response.

Now one of four things will happen. 1) They say OK and never e-mail me 2) They send some or all of the information via IM 3) I get an e-mail but without what I asked for or 4) They e-mail me and either provide all of the information or address what is missing “I’d rather chat first before providing my resume”.

I don’t do anything about the first scenario and the second I repeat my insistence for e-mail communications but send no other comments or reminders without my instructions being followed first. Otherwise, my thoughts are “If you can’t follow simple directions from someone you want to earn money from, why would I trust you with my clients?” Again, to truly “add value” one must first find the wise among the fools.

They survive the first “test”

If they get through these first steps and their resume is relevant to the services my company provides, then I interact via e-mail to get a feel for what they are looking for to ensure future projects are a good fit. I also go ahead and bring up their desired hourly rate. Nothing binding, just an idea of what they want. It’s simple, I’ve announced it on LinkedIn more than once. The highest, the maximum rate I’m currently willing to bill is $125 per hour in 2022. So if the consultant is looking for $115, $125 per hour? Well, I’m honest with them and wish them luck. Some walk away, some backtrack and lower theirs a bit. While I make note of it, they are already losing my interest. Either they were trying to take advantage of me or they might take a lower rate offer on a project then leave in the middle when a better offer comes up. Neither scenario is appealing to me.

SO. Now I know their background better and desired projects and rates. Not to mention I’ve combed all over their LinkedIn profile, their social media, Googled them plus contacted mutual connections to get other opinions.

Putting a voice to the text

If they’ve made it that far it’s time for a personal meeting. Depending on locations and schedules, we’ll grab coffee, lunch, or have a phone call. What am I looking for? If they talk about themselves the entire time, not interested. I’m an easy-going guy, if I’m dying to run away 5 minutes into the conversation what will my clients want to do? I get an understanding of my clients by asking my clients about themselves. Yes, I want to know what my consultant’s interests are, absolutely. But that should be a natural part of the process, not the central focus of the meeting/call. What was that I said earlier? Right. To truly “add value” one must first find the wise among the fools.

Decisions made quickly

Before I’m back in my car or hang up the phone I now know their professional experience, their personality, and what types of projects I’d trust them on that they would also enjoy being part of. I know what rates they are looking for and typically understand the drivers behind those rates.

This is why, whenever a client asks for a proposal they receive the proposal as well as specific consultant profiles. Asking for a SOX tester is easy. But receiving one who not only matches your request but also can match your preferred work style is very different.

What about “emergency” calls for help?

And those posts on LinkedIn and other company sites looking for various experts? No, I don’t just reformat their resume and send it to a potential client. Even with short windows to fill a project, I still go through this same process. I’d rather turn down the work than utilize a consultant I don’t feel comfortable with.

This ended up a little longer than I meant for it to be. I move fast, but quality must always exist. Otherwise, my company won’t. And I love what I’m doing too much to let that happen.

I have a confession to make. I’m a Geek. Capital G. Star Wars and Marvel are my two biggest fandoms. DC comes up right behind them but post-Dark Knight series DC hasn’t been too satisfying for me.

I’ve found my satisfaction with the brand has a heavily influence on my hopes for its success or failure. For example, I generally loved the Marvel Cinematic Universe, so the financial success of End Game made me smile. For Star Wars I loved the original trilogy and really enjoyed The Force Awakens (episode 7). When The Last Jedi (episode 8) was released I absolutely hated it. Same parent company. However the creative minds behind it failed to deliver for me. As a result, I find myself hoping The Rise of Skywalker (episode 9 coming out this weekend) fails financially. Strictly due to a bias I mentally have against Disney’s creative choices.

This bias made me think more about our own internal biases and how they can impact an audit. Our professional skepticism can become skewed when auditing the same departments and locations each year. We remember arguments over budgets or an audit issue from three years ago. Or we know about their kid’s activities and avoid asking the deeper questions that could uncover potential fraud.

When planning an audit we must address our internal bias and adjust accordingly. Do I really want a bad Star Wars movie? Absolutely not. Do you want the dad of a kid on your kid’s rival soccer team to lose their job over an inaccurate audit report? Or to spend time on an audit that has a default end result?

Which manager or department do you have a general dislike for? Before your next audit, address that internal bias. Which department do you really enjoy working with and look forward to chatting a bit during the next company party? How “independent” is that upcoming audit? This seems so simple yet we still allow these opinions to steer an audit more than facts and risks.

Take some time when planning an audit, acknowledge how your bias can influence the outcome. If you need a break to think about it, The Mandalorian has a new episode on Disney Plus today.

Just around the corner, in 2020, non-accelerated public filers will have their external auditors include “Critical Audit Matters” (or CAMs for short) in their audit reports. Here’s a brief overview of what a CAM is and how Executives along with Internal Audit can prepare for this new PCAOB requirement. At the end of this article there are links to PCAOB guidance as well as additional links to articles other firms have written.

Changes to the audit report

The definition of a CAM (per the PCAOB) is “… any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that:(1) Relates to accounts or disclosures that are material to the financial statements; and (2) Involved especially challenging, subjective, or complex auditor judgment.”

At a high level, this could potentially include not only material weaknesses, but also Significant Deficiencies typically not included in public documents. There is also a lot left open to an auditor’s opinion. Which could result in businesses in the same industry having different levels of CAMs depending on not only which audit firm they use, but which Partner is responsible for the audit.

How to get ahead of the game

There are several steps the CFO and the Director/VP of Internal Audit can take to start preparing for this new requirement. First, go straight to your auditors. Ask them for their internal guidance, whitepapers, etc. Also ask them what items in the past could have been included as a CAM. This should open up some dialog and get you pointed in the right direction for avoiding potential CAMs in the future.

Next, Internal Audit and the CFO should identify which business processes could have CAMs be documented due to the complex nature of the process or subjective decisions used in calculations and reporting. Some areas could include taxes, derivatives and goodwill calculations. Management should also consider which areas have the most struggles getting through an audit. It’s not a large stretch of the imagination to see departments with past audit struggles to start showing up in CAMs.

Internal Audit should work with the Internal Control person (or whomever is responsible for updating SOX documentation) to identify any new controls or Non-Key controls which might need to be elevated to Key. An additional option is for Internal Audit to conduct specific audits to target these higher risk areas. Combining your discussion with the auditors with your internal discussions, these audits should give you a good snapshot of potential CAMs.

Another Option

Another option to consider is asking your auditors to complete a “dry run”. Most audit groups are wanting to conduct a “dry run” so your request should be met with open arms. This will give your auditors time to discuss details internally and your company time to address items before they are publicly disclosed.

External Links

For more information, I found these pages helpful. If you have any questions feel free to reach out any time via e-mail thomas@r-vmc.com

PCAOB Implementation of Critical Audit Matters: The Basics

PCAOB Implementation of Critical Audit Matters: A Deeper Dive on the Determination of CAMs

From Deloitte (In conjunction with Harvard Law School): Critical Audit Matters—What to Expect

Journal of Accountancy: What ‘dry runs’ reveal about critical audit matters

Internal Audit Directors (Vice Presidents, Chief Audit Executives, etc.) have a delicate balance to maintain in the office. They are in a unique position of having to not only run their own department, but also have positive relationships with the Audit Committee and every other Executive, Manager and Department Head. Sometimes it’s easy to forget the small things that are important.

Click Here to E-Mail Us

Click Here to go to our Home Page

Audit Reports

Every Internal Audit Department we’ve worked with has had three issues with their audit reports.

1) Timeliness of distribution. Do you rewrite every report, go through 3 levels of review, adjust the font, set up meetings and then reschedule them multiple times, then realize the audit was over 6 months ago and the report still hasn’t been issued?

• Standardize your reports, limiting the need to adjust mundane issues
• Ensure your auditors are communicating with the auditees throughout the audit, requiring what is in the first draft has already been communicated to the proper managers
• Set deadlines and hold people accountable. Including yourself.

2) Length of the report. Get to the point. Do you want to read a 50 page report on why buying copy paper from one company is better than buying it from another company, even though it’s $1.25 per case more expensive? No? Then stop adding in lengthy details to your own reports.

3) I’m leaving this one blank, you have your own answers for this one.

Give a Peace Offering

Think about the next audit that hasn’t started yet. Internal Audits are a “necessary evil” to many people. See if you can adjust their view by being friendly. Take the Manager (or whomever is in charge of what you’re auditing) out to lunch in advance of the audit. Have donuts dropped off in that area of the office the first day of the audit (and the last). These small steps can pay dividends when your team requests samples or sends out a first draft of the report for review. Responses might come a bit quicker.

Non-Auditor Training

Do you get complaints that either the auditee sent the wrong information or keeps questioning every request and question from your team? It might be a gap in communication and general lack of understanding from the auditee. Instead of arguing and demanding, why not add time to the schedule this year (don’t wait until next year) to conduct cross-company training? An auditee should understand what proper audit evidence looks like. The purpose of an audit. How information flows between departments within a company. You’ll probably find some process improvement opportunities and add real value to your company in the process.

Department Training

Many departments lack solid training, typically due to budget restraints. An easy way to address this is to have each member of the department join a different professional organization (such as the IIA, ACFE or ISACA). Then work with each to identify local, inexpensive training options which have topics that are valuable to either the entire group, or to that individual.

If you aim for one training event a month, rotating between the different organizations, you’ll see positive dividends very quickly.

Click Here to E-Mail Us

Click Here to go to our Home Page

You notice them, sometimes envy them.

They seem happy, smiling even on Monday mornings. They come in, stir things up, then vanish when your boss starts reviewing the budget.

Consultants. Sometimes they work for a consulting firm, other times they are solo. You wonder how they got so lucky…and if you should join their ranks.

What you don’t see, however, is everything that transpired leading up to that happy Monday morning.

To be an independent consultant, or even start your own consulting practice, you must have the ability to completely disconnect your feelings from situations. No, I’m not exaggerating. This isn’t to complain or scare you away, this is just the hard truth about consulting that isn’t talked about.

Client first communication to first payment time…not exactly a bi-weekly paycheck.

The first headache is the timing of projects. You get a call or e-mail about some potential work. Normally it takes two weeks or more from initial communication to project start. You’re told to send your invoice/hours every two weeks. The client pays net-30 days (could be 15…could be 45+). That’s 8 weeks, two months, from initial contact to first payment. If you’ve had a gap between projects, you’re watching that savings account drop quickly.

Project length? You mean “oh no we lost our budget”.

You start a 3 month project, happy to have the income again and the ability to breathe a bit financially. 6 weeks into the project the client comes to you “we just had our budget cut, we have to wrap up this week”. You had 6 weeks left of work, now it’s 6 hours. You take an extended lunch and start contacting every contact you have in your network, hoping someone needs you to start soon.

Referrals…promises rarely kept

You’re hoping to find a new project soon. A friend/former colleague, new LinkedIn connection or family member sincerely wants to help you out. “I know someone at ______ I’ll introduce you”. Typically one of the following will happen:
1) They forget about it and never make the introduction
2) They e-mail or LinkedIn IM the person and you at the same time, the contact doesn’t respond
3) The respond, but with a “no thanks”
4) You find out that person has nothing to do with what you do and can’t help you
5) Somewhere around the 5% range the introduction will lead somewhere. Promise of future discussions is the norm, but occasionaly you’ll get lucky and a project will come of it.

Working with other firms…the silence echoes.

You network with other firms, hoping to help each other out as projects come up. Sometimes this can work beautifully. Other times… well here’s what can happen from our own experiences.

1) “I don’t provide the same service you do but I have so many clients that ask about it, I’ll send them to you.” They don’t.
2) They constantly contact you to see if you have work for them, but ignore your e-mails when you are looking.
3) They contact you about a project need then fail to communcate things like…
a) Oh the client requires local talent in Boise only
b) They don’t actually have the project signed
c) They just stop responding to e-mails or phone calls
d) “They pay net 90 days”
e) They want a 30 year expert at rookie rates

Honestly the communication part is the biggest, most painful part of the experience. Sudden silence. Project details that could have been brought up in the first contact. Unreasonable rate expectations, etc.

Parterning with “complementary” firms”

They provide difference services than you. Easy to refer work to each other. You have lunch, talk in broad terms, have a good idea of how to help each other, then a week later they ask for a profile for a project. You’re excited, it looks promising, then nothing. A month later that firm is offering the same service you provide, they figured out the profit margin they could get with sub-par consultants and greed takes over.

Pounding the pavement…over and over and over…

A consultant has to balance their time between networking for projects, doing the actual work, invoicing clients, keeping up with their professional education, and also the normal soccer practice, school plays, date night with the spouse, etc. You are always networking, you never know when a project might be canceled a week before the start date (happened to me last year) or ended early. Even if it goes the full length, you see that end date rapidly coming and that delayed first project payment looms.

Why is that consultant smiling on a Monday? Perhaps they are working for the first time in a month. Or maybe they just lined up another project later in the year. Maybe the start date worked out where they know they finally don’t have to touch their savings between projects.

Still thinking about going into consulting? Is it rewarding? Absolutely. Can you get experience and opportunities others don’t get? Yep. Will you have to work harder than you ever realized to get there? Without a doubt.

But you know what?

I wouldn’t change a thing.

Interested in doing consulting/project work in internal audit, SOX, accounting or IT? Looking for consultants that actually communicate and aren’t constantly selling you other services? thomas@r-vmc.com is the best way to reach us.

If your Internal Audit department is like most others, your organization sees you as a “necessary evil” and only provides you limited support. As a result, implementing automated audit programs, and improving efficiencies within your department becomes nearly impossible. You look for small ways to improve your department but you’ve run out of ideas. Here are some ways you can improve your internal efficiency and potentially automate certain functions without touching your budget.

Talk to your IT Department. I’ve been surprised by the number of times there were software solutions already available which no one knew about. Either a module in SAP or Oracle wasn’t turned on or SharePoint was part of the Office software package but long forgotten about. In another instance SharePoint was available but the IT department didn’t have anyone who knew how to set it up for workflows. I was able to learn SharePoint myself and create an internal controls issues log which was tied to the Active Directory. As deadlines approached for remediation, automated e-mails were sent to the control owners and their direct supervisors were notified as deadlines were missed or other issues happened. That IT group was hesitant to provide SharePoint access because they expected more work for their department, in the end it had almost no effect on them.

Standardize Controls. If your company has multiple locations and/or de-centralized processes, you probably have similar controls in multiple locations, but have to test each one a little differently. Working with the internal controls person or the proper members of management, can help to standardize the controls which in turn allows you to standardize your testing procedures (see the next recommendation below). This also could identify process gaps where controls are not as strong, an added benefit to your organization.

Standardize your testing. If you’re able to standardize controls in the organization, the next natural step would be to standardize your testing procedures. Populations, evidence requirements and testing attributes should be the same regardless of the location. Creating standardized templates for each control and process reduces the amount of prep time needed for each audit.

Standardize your reporting. Not much is needed to be said here, the prior two steps should lead to a natural standardization of your audit reports. Stop reinventing the wheel every time you issue an audit report.

Utilize the functions of MS Office. Most businesses use Outlook, Excel, Word, etc. for their business needs. Expanding your team’s knowledge of these tools can benefit those inside and outside of your department. For example, instead of sending an e-mail with a question, use the “delay send” feature for an hour or so later. It never fails, I’ll send a question only to have another question pop up 5 minutes later. This allows your questions to be in one e-mail, easier to track and find later, rather than multiple e-mails bouncing around.

Utilize OneNote, a typical application within MS Office. Employees can keep notes and questions on a shared page while having personal notes on private pages. Resulting in better collaboration within your department.

Utilize LinkedIn’s free learning center to take courses on subjects such as PivotTables in Excel. While you’re at it, they also have tons of courses on leadership and mentoring which can help your own career as well.

The first place you should always look, however, is internally. The entire Internal Audit team and the auditees. Listen. Don’t be defensive. Let them help be part of the solution.

You can contact us at thomas@r-vmc.com or 936-494-5135. We’re also on LinkedIn (Thomas’ profile, R-VMC company page).

The CISA, or Certified Information Systems Auditor certification, provided by ISACA, is a standard certification for those who audit, control, monitor and assess information technology and business systems. But what does that mean to an Executive when this certification is mentioned? Can CISA certified consultants provide value, or is it just another in a long line of letters people can put behind their name?

There are many internal audit consultants who are able to test and advise on IT related internal controls and risks. Not having a certification doesn’t mean they don’t know what they are doing, however having this certification can bring a unique set of skills and knowledge that a general auditor can’t provide.

The certification is broken into 5 areas, I won’t bore you with the details, but in summary they are:

1. How to plan, conduct and report on Information System (IS) audits
2. The ability to evaluate the current IT structure, systems, governance and compare them to the organization’s strategies and objectives
3. Able to build a business case and implement new IT systems including assistance with the acquisition, development and implementation phases
4. Evaluate the maintenance and internal operations of an organization’s systems
5. Evaluate the organization’s ability to ensure the confidentiality, integrity and availability of all critical systems

Having the ability to understand IT systems, how an IT group should function, the ability to implement new systems, and then also plan and execute a full audit program should provide immediate value to any organization.

Someone with over 8 years of experience (the minimum at Re-Vision Management Consulting) would demand a salary of $110,000 or higher, depending on experience, size of your organization, etc. For ease of calculations, let’s say their salary is a flat $100,000. Add in insurance, payroll taxes, 10% bonus plan, and similar costs, you’re at approximately $135,000, not including the cost of hardware, software licenses, continuing education, etc.

Having an outside resource, available when you need them (instead of always on staff) can be beneficial to an organization. Providing a cost savings while gaining the knowledge and insight when you need it.

We would love for you to meet one of our CISA certified consultants to get an understanding of what your needs are and what risks keep you up at night. E-mail our founder at thomas@r-vmc.com and let us give you a new perspective on your organization.

Or you can fill out the form below and he’ll be in touch shortly.

My son is in his second year of competing in gymnastics.

During his first year he learned a lot and was able to work hard enough to earn 3rd place overall in his age/division in the South Texas “State” competition. His medal holder was so full that I had to make him a new holder for this season.

This season he moved up a level and he’s going against some boys who previously competed at this level last year. In the first several competitions he was able to hold his own and even place in the top 25% consistently. Then a large event came up with stiffer competition.

This 10 year-old who is used to riding home with multiple medals around his neck came home with one, a 3rd place on rings. He was devastated. The car ride home was long, the mood was somber. Two weeks later he confessed he even thought about giving up (not that we would let him…but the thought was there).

In business we face our own unique set of challenges. Lost sales, critical decisions which turned out wrong, important employees suddenly putting in their notice, customers cancelling orders, finding out an employee you think more of as family has been stealing from you for years. Many of these situations can cause one to question their future, question how they want to move on. We get knocked down and question if it’s really worth it.

Getting some perspective on the situation can help. Talking to other leaders within your company, peers, mentors, etc. can help you see the forest through the trees. If you have an employee who is or could be doing something inappropriate then a third party like Re-Vision Management Consulting can help soften the blow as well as help prevent other situations from coming up. (You don’t want to suddenly question every employee if your “favorite” makes bad decisions.)

For my son? He worked hard the next two weeks, found a different perspective by learning a new focus technique on the way to a competition. The result? 7 medals (out of a possible 7) and 2nd place overall.

Don’t let internal control issues, fraud or other concerns derail your focus. Identify the underlying cause of the issue and fight to ensure the problem doesn’t keep returning.

Whether you’re the one that started the business or you joined later on, if you’re an owner, partner, CEO, CFO, President or have a similar title, odds are you take ownership of the company you work for. If your business is on the path towards an IPO then you might even feel like you’re about to loose some of that ownership. I understand your point of view, I started Re-Vision Management Consulting over a year ago and I’ll do everything I can to make it a successful business. One thing we need to be careful of is being blind to our risks. It’s easy to think we have everything covered, but when something slips through the cracks we only have ourselves to blame. Having a proper accounting function, a risk assessment, and even an internal audit function of some sort may be steps you need to take, regardless of whether or not you want them.

Business size doesn’t equal business risk

All businesses have some sort of risk. For example, right now I’m tracking some advertising, responding to e-mails, writing this article and thinking about an invoice that I still need to send to a client. Not to mention I have a self-imposed deadline for some work I’m personally doing for a client. If you’re a smaller business then you might consider how you handle your accounting a bit differently. Did you know many businesses outsource some or call of their “accounting” function? For example, I have a publicly traded client whom we perform outsourced Controller/CFO work for. Why? They don’t have a need for a full-time person in that roll. Their cost is MUCH lower to outsource the function than hire someone full-time. And if the need arises, we can scale up without dramatically increasing their costs.

If you’re a larger corporation then outsourcing an entire accounting function might not be reasonable, however utilizing consultants for specific needs can save time, money and headaches. If you’re thinking about an IPO then having a few professionals who have taken multiple companies through the IPO process can provide invaluable support but without the burden of hiring them full-time for a short-term need.

Risk Assessments – A Necessary Evil

Large or small, public or private, a risk assessment is always a valuable tool to have on hand. As stated in this article an outside look at your business might identify risks you hadn’t thought of before. It’s important to consider accounting, supply chain, HR and other internal risks in addition to your standard safety and operational risks. Implementing a few internal controls can prevent serious threats to your company that you weren’t even aware were there. Many times a company grows extremely fast and employees start wearing too many hats in the “corporate” office. That hard working employee is suddenly in charge of HR, IT and Accounts Payable and one day you realize they’ve been stealing thousands from you and you had no safeguards in place to prevent it from happening.

Internal Controls and Internal Audit

Before you roll your eyes and close the article, keep reading for just a bit longer. Having a small, outsourced Internal Audit function can be extremely beneficial to any organization. They can help identify risks you hadn’t thought of while also preventing theft, fraud and other serious financial risks. This allows you to focus on the operational side of the business, the part that you had in mind when you started the company (or what drew you to joining the company).

Anyone who has worked for a public company knows what an “internal control” is. They also might cringe and try to talk you out of it. However, if done properly internal controls can be used as weapons within your organization to drive better decision making and prevent waste. They can prevent rogue employees from making poor decisions and help set clear lines of authority as your company grows. If your company is a private company then you can have a strong hand in what controls and business functions are important and which areas can be left alone until the risks increase. Utilizing an external consulting firm can help you understand the level of risks in every section of your business (HR, Accounting, Supply Chain, IT, etc.) so that you can make informed decisions and balance risks with costs with clear understanding.

Regardless of the size of your business there will always be risks that you need to be aware of. Obtaining an outside view can help you see the risks under your radar and help you address them appropriately. Accounting consulting, risk assessments, internal audit and internal controls are all very important areas to consider to protect what you work so hard to build.

About the author: Thomas Mullinnix is the Owner and Founder of Re-Vision Management Consulting, LLC. A consulting firm focused on accounting consulting, internal audit, internal controls, IT, SOX and similar areas. He can be contacted at thomas@r-vmc.com and also here on LinkedIn. R-VMC is not a CPA firm.

I’m thankful to live in The Woodlands, just North of Houston, TX. While enjoying some beautiful weather recently, my son and I walked around our house to do a “risk assessment”. Our 1/3 acre lot is in a subdivision that was one of the original subdivisions in The Woodlands. Having a house that’s over 40 years old can be a challenge at times, but we love it and have no desire to move any time soon.

My son (who is 10 years old) helped me count the trees on our property and asses if any posed a risk to our home. Similarly, a company’s risk assessment typically identifies risks to the organization. While these risks could be external (I have 5 trees outside of my property that could cause damage in later years) or internal (20 trees are on my property), sometimes you have risks which could impact groups outside of your organization.

For example, I have a tree on the back part of my property which is leaning a bit. It leans away from my garage and is no where near my house so I’m not that worried about it. When walking the property though, we realized something, the tree is directly over my neighbor’s back patio. A section of their backyard they use regularly. I suddenly have an increased risk in an area I never even though to consider in previous risk assessments.

What helped identify this risk? Having an independent, second set of eyes (my son) who was able to see our risks from a different point of view than my own.

Do you seriously consider your risk assessment, or do you keep it around just to satisfy your auditors? It might be time to give it a fresh point of view.

Contact us at thomas@r-vmc.com if you’d like to get an independent opinion of your risk assessment, internal control documentation or 2019 internal audit plan. Or contact us using our form at www.r-vmc.com/contact-us