RISK ASSURANCE & ADVISORY SERVICES (RAAS) Protect and Mitigate Business Risk

“I can say that based on working only with Big 4 firms during the past 16 years, I have had the personal pleasure of working with a strong team of professionals. The breadth of knowledge and experience Armanino brought to the table enabled us to learn more about the intricate accounting aspects of our business and communicate those aspects appropriately.” — Rich Castro, VP of Finance and Administration, LendingClub Corp.

The Armanino Advantage

Your business exposures and compliance burden will continue to grow. Our experts provide an innovative, analytical and practical approach to managing your risk portfolio. We help you address cybersecurity, privacy, SOC audit, SOX readiness, compliance concerns and much more.

Services Offered

Assurance
• SOC 1/2/3/+ reports
• SOC for cybersecurity
• SOC for vendor supply chains
• HITRUST
• Third party assurance/vendor risk management
• Compliance program assessments
• IT external audit

Cybersecurity and Privacy
• Cyber risk assessment
• Cyber program development & management
• Threat prevention & detection
• Privacy assessments
• Regulatory compliance (GDPR/CCPA)
• DPO outsourcing
• Privacy managed services

Advisory Services
• Internal audit
• SOX 404
• Systems implementation
• IPO readiness
• ISO 27001 internal audits
• Royalty audits/contract compliance
• Business continuity service

Contact: Liam Collins Partner 415 710 4705 Liam.Collins@armaninoLLP.com


TECHNOLOGY-DRIVEN, RISK-MITIGATION SOLUTIONS

Our solutions are built on a tech stack designed to efficiently and effectively reduce your organization's overall risk environment.

ASSURANCE
• SOC 1/2/3+
• SOC for Cybersecurity
• SOC for Vendor Supply Chains
• HITRUST
• 3rd Party Assurance/Vendor Risk Management
• Compliance Program Assessments
• IT External Audit

ADVISORY
• Internal Audit
• SOX 404
• Systems Implementation
• IPO Readiness
• ISO 27001
• Contract Compliance
• Business Continuity Services

PRIVACY
• Compliance with Regulations:
  • CCPA
  • GDPR
  • Microsoft Supplier Data
  • PIPEDA
• Data Inventory
• Outsourced Data Protection Officer
• Impact Assessment
• Program Assessment
• Managed Services

CYBERSECURITY
• Risk Assessment
• Program Development & Management
• Cyber Insurance Assessment
• Policy Documentation & Education
• Threat Protection

SOX COMPLIANCE

Armanino has extensive experience, from helping clients initiate their first-year Sarbanes-Oxley compliance programs to managing the execution of SOX programs for mature public companies. We have developed what is arguably the industry’s most comprehensive yet cost-effective approach to ensuring that your internal controls related to financial reporting comply with key aspects of the Sarbanes-Oxley Act, most notably sections 302 and 404. We support pre-IPO emergent companies, newly public and early growth entities, and mature public companies.

Services Offered
• Outsourced SOX Compliance
• Co-sourced SOX Compliance
• Staff Augmentation

What Makes Armanino Unique
• We will be an extension of your team
• We provide quantifiable efficiencies
• We recognize that one size doesn’t fit all
• We believe SOX compliance begins with “Why,” not just “How.”

Learn More: http://www.armaninollp.com/services/consulting/governancerisk-and-compliance/

Contact: Todd Bishop Partner 415 568 3471 Todd.Bishop@armaninoLLP.com

What is a SOC readiness assessment?
A SOC readiness assessment assists organizations in determining preparedness for a SOC 1, 2 or 3 audit. It is a detailed analysis of the current control environment to determine which controls are in place to meet the SOC audit objectives.

How often will you need a SOC audit?
Generally, a service organization’s customers will want a completed SOC audit report at least on an annual basis. Some organizations decide to have a report completed more frequently than annually to coincide with their multiple customer financial reporting year-ends.

SOC COMPLIANCE

Armanino has a dedicated System and Organization Controls (SOC) practice based on a methodology designed to ensure your SOC audits are extremely efficient, while adding value. Part of that value is ensuring you have answers to some of the frequently asked questions related to SOC audit reports and SOC readiness.

What are the different types of SOC reports?
• SOC 1: Report on controls at a service organization relevant to a user entity’s internal control over financial reporting.
• SOC 2: Report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy.
• SOC 3: Trust Services Report which essentially covers the same subject matter as SOC 2, but does not include the same level of detail as the SOC 2 report.

What are the benefits of a SOC audit?
• Demonstrates a strong control environment
• Gives a competitive advantage when attracting new customers
• Avoids the expenses of multiple audit requests
• Identifies redundancies or ineffective internal controls
• Supports customers in meeting regulatory requirements proactively

Contacts:
Liam Collins Partner 415 710 4705 Liam.Collins@armaninoLLP.com
Patrick Hall Partner 925 790 2757 Patrick.Hall@armaninoLLP.com

DATA PRIVACY SERVICES

EXPERT READINESS, IMPLEMENTATION AND MANAGED SERVICES FOR ASSURANCE AND COMPLIANCE

Today, all companies—regardless of size or industry—face a very real risk of noncompliance with consumer data privacy laws (the EU’s GDPR, California’s CCPA, and other similar state laws). Armanino’s Privacy practice has developed effective privacy compliance methodologies that will enable your organization to achieve compliance in an efficient manner. We can also help ensure your ongoing compliance with these very challenging regulations. Having helped hundreds of clients tackle their cybersecurity and privacy challenges, we offer a range of cost-effective solutions to help business leaders combat ever-expanding threats, stay compliant with new regulations and successfully guard their assets.

Data Privacy Services Offered
• Program Development & Implementation
• Data Inventory
• Readiness Assessment & Reporting (GDPR, CCPA, HIPAA, and more)
• CCPA Incentive Program Implementation
• PIA/DPIA Assessments
• Outsourced DPO Services
• Tech Assist (due diligence support)
• DSAR Implementation
• Privacy Helpdesk
• Data Protection Addendums for Processors
• Data Protection Training (all levels)
• Vendor Risk Management
• Microsoft SSPA Attestations
• Legacy Program Enhancement

Contact: Pippa Akem Senior Manager 415 568 3473 Pippa.Akem@armaninoLLP.com

CYBERSECURITY SERVICES

EXPERT TECHNICAL GUIDANCE REGARDING ALL ASPECTS OF CYBERSECURITY FOR YOUR COMPANY

Cybersecurity attacks come from a variety of sources and, today, all companies are at risk of falling victim to one. Armanino’s Cybersecurity practice has developed effective risk management methodologies that will enable your organization to mitigate risk in an efficient manner. With extensive industry experience, we offer a range of affordable fixes to help you stay compliant with new regulations and successfully guard your assets as the number of different cybersecurity threats grows day by day.

Cybersecurity Services Offered
• Risk Assessment
• Cybersecurity Program Development & Implementation
• Cybersecurity Quantitative Risk Management
• PCI Compliance
• Penetration Testing
• Data Inventory
• Readiness Assessment & Reporting (GDPR, CCPA, HIPAA, and more)
• Outsourced CISO Services
• Vendor Risk Management
• Microsoft SSPA Attestations


Contact: Liam Collins Partner 415 710 4705 Liam.Collins@armaninoLLP.com

ADDITIONAL SERVICES

HITRUST

Armanino’s compliance experts are certified to provide HITRUST CSF assessments on your behalf. We optimize your control programs and increase efficiencies by coordinating HITRUST and SOC controls where possible. We can help you sift through the contractual agreements to determine the best certification path for your company. Once your HITRUST CSF certification is complete, Armanino will provide your organization with a press release template you can use to inform your customers and investors.

Contract Compliance

Corporations allow millions of dollars in revenue to slip away simply because they don’t perform contract compliance audits. These audits ensure that you have controls in place to monitor and receive all revenues that are due to your organization via predetermined legal agreements. Armanino can provide an independent contract compliance review to identify issues with the accounting figures provided to you by public companies and your distributors, suppliers and other business partners.

ISO 27001

Multi-national corporations headquartered in the United States often require proof of ISO 27001 certification to add a company to their approved vendor list for procurement purposes. This type of certification status can be a competitive advantage by letting potential customers know that it is safe to do business with you due to your disciplined focus on information security. Armanino can help your company prepare for the ISO 27001 certification process. We can also assist your company in developing and documenting your information security policies, procedures and practices to effectively address the information security risks for your unique situation and industry.

Enterprise Risk Management (ERM)

For any organization to meet its goals and objectives it must face new challenges and take risks. To do this effectively, companies must keep their risk management processes up to date and stakeholders well-informed. An enterprise that lacks the capabilities to monitor and evaluate risks in real-time can become vulnerable to endless threats around strategy, operations, reporting and compliance.

A focused Enterprise Risk Management program can help a senior leadership team “take the blinders off” to correct tunnel vision. Companies can’t afford to wait for a big headline to break the news that they’re not prepared to weather a storm. Armanino can help leaders embed risk-aware decision-making into their strategic and operational processes, so they can be prepared to manage and mitigate risks that stand in the way of performance goals and business objectives.

Business Continuity

According to research by the University of Texas, only 6% of companies that suffer a catastrophic event survive, while 43% never reopen and 51% close within two years. International Data Corp. estimates that companies lose an average of $84,000 for every hour of downtime. Despite these statistics, most companies do not place enough emphasis on Business Continuity Planning. Good planning would reduce the duration, cost and impact of an unplanned outage. Companies and IT organizations continue to work in a reactionary mode that places them at risk of experiencing events that have the potential to cripple vital business processes. Armanino can guide your company through the Business Continuity Planning process, by identifying weaknesses and implementing a disaster prevention program to minimize the duration of a serious disruption to business operations.

Internal Audit

Strong internal controls are a critical business practice for all companies, whether or not they are required to comply with Sarbanes-Oxley (SOX). A robust internal control system reduces your chance of fraud and helps you protect your key assets, improve your operational efficiency, and ensure legal and statutory compliance. Armanino’s seasoned internal audit team works with organizations to create more effective internal control structures. We offer a range of services across all aspects of the internal audit process to meet the specific risks and requirements of your organization.

IPO readiness

If your company is planning to go public, understand that you can’t control the financial markets, but you can control planning and execution during the IPO readiness stage. Armanino’s IPO Readiness Team can help your company complete each of the key milestones along the IPO journey, including technical accounting, SEC reporting, internal controls, technology systems evaluation/implementation, process engineering, tax strategy and more. We’ve provided a variety of financial and tax consulting services—including IPO Readiness and SOX compliance—to 50% of the Silicon Valley companies to go public in the last three years.

FIRM OVERVIEW

OUR PURPOSE
A value statement for our clients
To be the most innovative and entrepreneurial firm that makes a positive impact on the lives of our clients and our people.

BUSINESS SOLUTIONS
Aligned with your strategy

HOW WE OPERATE
We’ll never treat you in a cookie-cutter way

The numbers don’t lie
Committed to your success
1,300+ Employees
TOP 25 CPA & Consulting Firms
An independent firm associated with Moore Global Network Limited
Expanding our global reach to
PARTNER OF THE YEAR
Host of Software Suites
Additional countries

HOLISTIC APPROACH
We tackle your issues




Armanino is here to provide you with an innovative, analytic and practical approach to managing your risk portfolio.

armaninoLLP.com 844 582 8883


Armanino Risk Assurance and Advisory Practice  

The threats your business faces and the regulatory compliance requirements you must adhere to grow exponentially each year. Armanino is her...
