Enterprise Risk Management/Internal Controls for NASDAQ Firm


The Risk and Compliance Division within a firm with a market capitalization of $2.67B was tasked with implementing an Enterprise Risk Management (ERM) function. The firm had recently become a publicly traded corporation and had to comply with Sarbanes-Oxley (SOX) by implementing GRC processes. Specific services included developing an ERM Plan that outlined a detailed risk management methodology as well as how to embed ERM in firm practices, outlining how the Archer GRC tool could be tailored for the organization, developing staff and executive briefings, and developing a roadmap for implementing ERM.

Core Services

  • Governance, Risk and Compliance
  • Strategies and Frameworks (NIST, SOX, ISO, GDPR, HIPAA, PCI DSS)
  • Current State/Gap Analysis
  • Risk Identification and Assessment
  • Risk Analysis and Evaluation
  • Risk Monitoring and Reporting


  • Developed a project management plan
  • Leveraged existing ERM assets from prior client engagements
  • Reviewed Archer capabilities
  • Conducted client meetings
  • Developed a comprehensive ERM methodology and implementation plan that was tailored for their organization

Brilliant Outcome Resulted in a Long-term Cooperation


  • The firm was able to identify critical risks and make progress towards SOX compliance
  • Firm managers and other stakeholders have a greater awareness of ERM and its importance
  • Risk management practices have improved due to Board and Executive buy-in
