Main Menu


Our risk services professionals have the talent and expertise to help you develop and conduct a cost-effective enterprise risk assessment that will help you position your organization to understand and effectively manage risks and improve performance. Enterprise risk assessments help organizations

  • Understand the significant risks facing the organization
  • Prioritize risks in terms of severity of impact and probability of occurrence
  • When risk is considered significant, focus on more detailed process risk assessments
  • Identify opportunities to improve internal controls and other risk management activities
  • Identify opportunities that may exist to improve efficiency, streamline workflow and enhance performance.

Our enterprise risk assessment methodology provides a consistent approach to evaluating risk and identifying opportunities to improve processes. Deliverables include a risk profile, which serves as the foundation for developing a risk-based audit plan, identifying needed management initiatives and generating specific recommendations for performance improvement.

ERM Program Development

Our enterprise management approach is comprised of five distinct
phases. Each phase has its own set of objectives and expected results. They are as follows: 

Phase 1: Planning and Organization 
Establish the ERM program/project structure

Phase 2: Risk Assessment
Identify, analyze and prioritize risks

Phase 3: Risk Mitigation
Identify and develop risk mitigation strategies

Phase 4: Monitoring
Develop strategy and tools for continuous
monitoring of risks

Phase 5: Knowledge Transfer
Institutionalize the process into the organization

Our team of diverse risk experts incorporate our unique
approach and develop a ERM program tailored to the
specific needs of our clients.

Business Process Assessment

As companies grow, their needs change and processes must be adjusted to support the business. Far too often these changes are made in a patchwork manner and result in processes that are costly and inefficient or ineffective in meeting the needs of the company. When performing a process improvement engagement, we evaluate the effectiveness and efficiency of each process, focusing on the following:

  • Goals and objectives and effectiveness of measuring and monitoring progress
  • Organization structure and alignment with the company’s strategies and organization structure
  • Staffing levels, roles and responsibilities, knowledge, and training for personnel
  • Use of technology to enable the process
  • Design of process, including policies, procedures and related internal controls
  • Segregation of duties
  • Identification of potential risks and opportunities associated with each process area

Fiduciary Risk

With heightened governmental scrutiny and increasing ERISA litigation, fiduciary risk is a growing concern for those with retirement plan responsibilities. Vulnerability often stems from inadequate definition of the legal obligations fiduciaries have and from inadequate fiduciary procedures.

We focus on the interests of plan participants and beneficiaries and generate effective and properly designed training, systems and processes for meeting fiduciary requirements. This usually results in a reduction of fiduciary risk.

The most important step in successfully fulfilling fiduciary responsibility is to formally establish and maintain processes and procedures that focus on the interest of the plan participants. Those processes and procedures should be tailored to your organization’s unique structure, operations and applicable regulations. We can help you with:

  • Fiduciary investigations
  • Fiduciary reviews
  • Fiduciary governance and structuring
  • Fiduciary training

Technology Risk

Our technology risk team focuses on assisting companies in managing technology risk, improving processes and internal controls, maximizing return on their ERP investments and complying with the provisions of Sarbanes-Oxley. At Brown Smith Wallace, we are able to provide a full spectrum information technology audit team with specialist capabilities in all major technical competencies (e.g., infrastructure, operating systems, applications, databases, etc.).

We help organizations of all sizes and provide a wide range of cost-effective technology risk management services. Our services are designed to provide successful evaluation, review, monitoring and maintenance of your systems with minimal disruption to your daily operations.

Construction Risk

We provide companies with construction risk management by identifying and analyzing potential risks that may occur throughout the construction process. We perform risk assessments on construction projects to help you prevent and mitigate potential costly delays and disruptions.

Our construction risk team brings extensive experience gained in adapting to the complexities of construction projects while maintaining our proven practices and procedures throughout your construction process.

For more information on any of our enterprise risk management services, please contact us today.

Thought Leadership


Meet Our Team

Schedule a Meeting

Back to Page