TPRM Ad Hoc Review Services

PRIMARY CONTACTS:
Eric M. Wright CPA, CITP
William M. Deller CISA, CTPRP, CTPRA, CCSFP

Our Third-Party Risk Management external assessment services model is flexible so that we can serve a variety of client needs.

If your organization already has a third party assessment process, our team can perform ad-hoc reviews of standards-based frameworks. After all, audit and assurance are part of the core skillsets that our IT audit team was built on. The following is a list of standards-based assessments we perform:

  • SOC (System and Organization Control) Report Reviews – one of the best indicators that you can trust a Third party with your data is if they have a SOC report completed on an annual basis by a reputable audit firm. However, reviewing SOC reports is a vital part of TPRM processes. This is where our knowledge as a premier provider of SOC reports complements our ability to review Third party SOC reports and behalf of organizations.
  • Standard Information Gathering (SIG Questionnaire) – Schneider Downs is a registered firm with the Shared Assessment program through the Santa Fe Group, the leader in TPRM best practices, education, and guidance.  We leverage tools such as the SIG and SIG Lite to provide assessment services.
  • Compliance –  HIPAA, HITRUST, NIST, ISO, PCI, FFIEC, CIS CSC, and many more

Additional TPRM Services

Schneider Downs TPRM Resources

Built by our tenured team of security, risk and compliance practitioners. We have leveraged decades of diverse subject-matter expertise and experience to be able to provide the following resources and tools:

How Can Schneider Downs Help?

The Schneider Downs Risk Advisory Services team has the expertise, credentials and tools to help you build, implement, recalibrate, and manage a world-class third-party risk management program. We understand that outsourcing business functions to third parties is essential in today’s business environment.  While outsourcing provides benefits such as increased efficiency and cost savings, it also increases an organization’s risk exposure to a myriad of threats presented by outsourcing.  Understanding how to identify and manage the risks presented by third party providers is vital for any business.

For more information visit 2ev.dfwconsultantsinc.com/tprm or contact us to get started.

case studies
 
                                    Company impacted by ransomware.
big problem:
Company impacted by ransomware.
big thinking:
Restore system on-site and avoid six-figure ransom.
 
                                    Inefficient tax credit realization.
big problem:
Inefficient tax credit realization.
big thinking:
Identified a $900,000 tax credit, nearly twice as much as prior years.
our thoughts on

SEC Adopts Final Climate Disclosure Rules

Learn more about the SEC's final climate-related disclosure rules and what public companies will need to do moving forward.

read more >

Proposed Bipartisan Tax Plan Released – Overview of the Tax Relief for American Families and Workers Act of 2024

Learn more about the proposed Tax Relief for American Families and Workers Act of 2024 and the highlights included within the Act.

read more >

Understanding CA SB 261: The Greenhouse Gases: Climate-Related Financial Risk Act

Learn more about what public and private companies need to know about CA SB 261, the Greenhouse Gases: Climate-Related Financial Risk Act.

read more >

Tis the Season: Unwrapping the Top Holiday Scams of 2023

Learn about some of the top online scams circulating this holiday season.

read more >

Fraud Week 2023: Frauds of the Rich and the Famous

Learn more about ACFE International Fraud Week and explore famous fraud cases including FTX and the Fyre Festival.

read more >

2024 Cost-of-Living Adjustments for Retirement Plans and IRAs

Learn more about the 2024 cost-of-living-adjustments for retirement plans and IRAs.

read more >

Think Before You Click: Fake Browser Updates are Back in Style

Learn more about the resurgence of one of the oldest malware attack methods in the book: the fake browser update.

read more >

The SEC ‘Names Rule’: Unpacking the Impacts to ESG Funds

Learn more about the impact of the SEC's amendment to the Investment Company Act of 1940 on ESG naming conventions.

read more >

Cybersecurity Awareness Month Celebrates 20 Years

Explore our latest security awareness materials in support of Cybersecurity Awareness Month.

read more >

How LinkedIn and a Phone Call Led to the Massive MGM Ransomware Attack

Learn how social engineering and vishing led to the massive ransomware attack halting operations at MGM Resorts and Casinos.

read more >
contact us

contact us

Pittsburgh
Columbus
Metropolitan Washington