KMH LLP
Home  /  Services  /  KMH SolutionsSM  / Risk Management Solutions

KMH Risk Management Solutions

RISK MANAGEMENT SOLUTIONS - We were one of the first accounting firms in Hawaii to develop a dedicated focus on the risk management function. This is evidenced by the fact that we were one of the first firms in town to outsource the internal audit function of an entire institution. Since 2000, we have dedicated tens of thousands of professional hours toward supporting several organizations’ internal audit/risk management functions. We have also been deeply involved in helping organizations manage and monitor the re-alignment, strengthening and conversion of numerous business processes to meet their strategic and tactical objectives.

As a result of SOX, the focus on the internal controls and risk management has increased significantly. At KMH, our appreciation and understanding extend beyond the traditional internal audit function. We focus on more than just risk compliance aspects by delving into understanding the root causes and sources of risk. As a result, we have been engaged by a number of Hawaii-based publicly traded companies to assist them with the development and execution of their SOX 404 compliance plan.

We assist organizations in determining the adequacy of the design of their internal control systems and the effectiveness of the control techniques and processes. Internal controls are defined as a system, affected by an entity's board of directors/trustees, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations. An organization's leaders are ultimately responsible and must assume "ownership" of the internal control system for their areas of responsibility. The process of Internal Control comprises five interrelated components:

CONTROL ENVIRONMENT
The core of any business is its people - their individual attributes, including integrity, ethical values and competence - and the environment in which they operate. They are the engine that drives the entity and the foundation on which everything rests.
Back to top

RISK ASSESSMENT
The entity must be aware of and deal with the risks it faces. It must set objectives, integrated with revenues, production, marketing, financial and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze and manage the related risks. (See below)
Back to top

CONTROL ACTIVITIES
Control policies and procedures must be established and executed to help ensure that the actions identified by management as necessary to address risks to achievements of the entity's objectives are effectively carried out.
Back to top

INFORMATION AND COMMUNICATION
Surrounding these activities are information and communication systems. These enable the entity's people to capture and exchange the information needed to conduct, manage and control its operations.
Back to top

MONITORING
The entire process must be monitored, and modifications made as necessary. In this way, the system can react dynamically, changing as conditions warrant.

KMH can help you improve your internal control processes by effectively diagnosing the systems and systemic changes within your organization. As organizations experience growth, they find that key systemic processes are adversely impacted; consequently affecting operational efficiencies and profitability. In such cases, organizations do not have the time or the resources to dedicate toward the review and improvement of such challenges.
Back to top

Our Risk Management Solutions offerings include:



INTERNAL AUDIT OUTSOURCING AND CO-SOURCING
As a result of recent developments in the regulation of publicly traded companies and a heightened sensitivity toward corporate governance, the internal audit function has been transformed from a staid compliance function to a more sophisticated business process, risk assessment and management function. At KMH, our approach to delivering risk compliance services precedes these recent developments. Ours is based largely on methodology developed by Andersen’s Internal Audit practice and is focused on the risk management model. Andersen’s internal audit methodology also lives on as the foundation on which Protiviti’s (arguably the foremost specialty risk consulting firm in the world) practice is based.

Because our practice is based upon the same origins, we have been able to benefit significantly from the adoption of the Sarbanes-Oxley Act of 2002 and the overall increased focus on organizations internal controls. We understand the “new” perspective on internal controls and have assisted numerous organizations with the development and management of their enhanced internal audit functions.
Back to top

RISK ASSESSMENT AND INTERNAL CONTROL REVIEW
Business decisions, in IT or otherwise, are an exercise in the evaluation of the risk of inaction versus the cost of action to reduce risks - real or perceived. In today's hypercompetitive world, the function of risk management is vital to the long-term success of your company. At KMH, we have the ability to assist companies in identifying the key risks impacting their organization, assess the significance of those risks, and evaluate the design and effectiveness of management control processes that mitigate the risks.
Back to top

SARBANES-OXLEY RULE 404 - READINESS ASSESSMENT
SOX 404 currently only impacts larger publicly traded companies. However, among smaller public companies and within certain federally regulated industries in which compliance issues are a concern, the consideration of an entity’s ability to adapt to a SOX-like environment is becoming paramount to director boards and management. Our understanding of SOX compliance and the risk management issues prevalent in not-for-profit and insurance entities, two industries viewed as being likely early-adopters of SOX-like requirements, creates a situation where we are able to leverage off our existing knowledge and experience in preparing entities for the inevitable increase in compliance requirements.
Back to top

SARBANES-OXLEY RULE 404 - COMPLIANCE TESTING AND REMEDIATION
Since the adoption of SOX we have provided assistance to a number of public companies with Hawaii operations in the conduct of their internal SOX 404 assessment. Because of our understanding of business processes, internal control structures and financial reporting requirements and our commitment not to perform attest services to public companies, we have become a popular choice to provide SOX 404 service in the Hawaii market.
Back to top

For external audit services, please see KMH Assurance & Advisory Services.