OUM’s risk management team has the experience and agility to assist you with all of your enterprise risk management needs. We provide risk-based audits and business controls services to help you ensure IT governance, risk management, and compliance. Engage OUM as an independent third party and take advantage of a CPA firm licensed with the Public Company Accounting Oversight Board (PCAOB). Our licensed CPAs and IT auditors will assist you in developing a plan to mitigate those risks.


SOX Compliance

Compliance with the Sarbanes-Oxley (“SOX”) requirements is a necessary cost for public companies, both in time and in money. We also understand that you want to provide deliverables to your external auditor to maximize their reliance, but this seems difficult to achieve when new requests come year after year. This is where we can help.

Our professionals perform external audits and assist management in complying with their testing of internal controls over financial reporting. This allows us to understand and anticipate the external auditor's needs while making recommendations to you that are within your resource capabilities.

We assist companies in initiating their first year of compliance, remediating material weaknesses, and supporting established financial and information systems processes with added-value suggestions.

Our experienced team can assist you or perform compliance procedures for you in order to:

  • Integrate entity level, business process and IT controls to make the most of key controls
  • Maximize external auditor reliance on internal testing to reduce redundancy
  • Identify areas of potential misstatement for focused key control design and testing

We specialize in SOX compliance for the leasing, biotech, fintech and technology industries.

Internal Audit Services

With OUM’s internal audit services you will have a partner who applies a business lens to your IT challenges and draws on our experience and industry insight to deliver value for your investment in internal audits. The more you grow, the more you need strategic data and process management to protect your customer and company information. OUM can assist in the following areas:

  • Advise on IT governance
  • Suggest ways to minimize business risks
  • Evaluate IT processes for efficiency and effectiveness
  • Design application and data controls
  • Help you assess system vendors, choose software, and provide advice during implementation to maximize your likelihood of success
  • Perform pre/post implementation review for major implementations
  • Design and evaluate the Information Security, Data Governance and Asset Management functions
  • Baseline security review for various ERPs, leading databases and operating systems


Cyber is a strategic business risk rather than a mere technology issue. As the world becomes smaller, cyber is getting bigger, and it’s moving in multiple dimensions across multiple disciplines. OUM Cyber helps organizations create a cyber-minded culture and become stronger, faster and more innovative in the face of persistent and ever-changing cyber threats.

You will find a strong partner in OUM when it comes to establishing a cybersecurity control, program, and risk-based framework like the ones listed below at your organization. OUM's team of experienced cybersecurity professionals has an in-depth understanding of these standards. OUM can help with scoping and defining boundaries, gap analysis, risk assessment and mitigation, designing and implementing controls, cyber readiness review and ongoing audits.

Third Party Assurance

Instill trust in your service delivery processes and controls with a report from an independent Certified Public Accountant. OUM can help support that confidence with Service Organization Controls (SOC) reports (formerly known as SAS 70). Each of the following SOC reports is designed to help service organizations meet specific user needs.

  • SOC 1 / SSAE 18
  • SOC 2 / Trust Services
  • SOC 3 / SysTrust for Service Organizations
  • Readiness Assessments
  • Agreed upon procedures (AUP)

SOC for Cybersecurity

All companies face the risk of a cyberattack. The question is not if an attack will come – it’s when. Implementing a security program must be balanced thoughtfully against the needs of an organization to operate effectively and to actively pursue its future goals. While it is impossible to eliminate all risk of a cyber breach or attack, a well-designed program will actively mitigate those risks and minimize the negative impact on both short- and long-term business goals.

To address the cyber concerns of many organizations, the American Institute of CPAs (AICPA) has developed a cybersecurity risk management reporting framework that helps organizations communicate the effectiveness of their cybersecurity risk management programs to their senior management teams and boards of directors. Designed to enhance public trust in entity-prepared communications about the effectiveness of their cybersecurity risk management programs, the System and Organization Controls (SOC) for Cybersecurity reporting framework provides a standard method for reporting enterprise-wide cybersecurity risk management.

Using the AICPA criteria and guidance to identify deficiencies in controls, OUM’s team of advisors helps clients strengthen their cybersecurity risk management programs in preparation for attestation. We assess the current state of an organization’s cyber program, conduct a risk assessment and gap analysis, identify key risk areas, and recommend remediation strategies that align with SOC for Cybersecurity attestation standards.

ISO 27001 Advisory and Pre-Implementation Audits

You will find a strong partner in OUM when it comes to establishing an information security framework like ISO 27001 at your organization. OUM's team of experienced information security professionals, who are also ISO 27001 certified Lead Implementers and Auditors, has an in-depth understanding of the standard. OUM can help with scoping and defining boundaries, gap analysis, risk assessment and mitigation, designing and implementing controls, ISMS readiness review and assisting during the certification audit.

Please fill out the form to find out more about our Technology & Risk Advisory Services, and how we can support your public or private company.


Mustafa Kagalwala, IT Advisory Director
Chris Millias, Partner - Assurance & Advisory
Doug Pallotta, Partner - Assurance & Advisory
Darwin Pangilinan, Partner - Assurance & Advisory