Services
Five service areas. One standard: senior US-based consultants who are ready to work on day one.
01
Co-Sourced Internal Audit
The most common reason CAEs call us.
Your team is good. Your team is also stretched. The audit plan that made sense in January doesn’t survive contact with reality by Q3. Turnover, shifted priorities, a special project that ate three months of capacity.
R-VMC drops in senior consultants who join your team for a defined period, take ownership of specific audits or workstreams, and hand the work back cleanly when the engagement ends. Our consultants average 15+ years of experience, so there’s no ramp-up time and no training your staff has to absorb.
02
Outsourced Internal Audit
A complete internal audit function, run by R-VMC.
For companies that don’t have an internal audit function and need one, or have one that isn’t working and need to replace it.
We work directly with your leadership team and external auditors, build the annual audit plan, execute it, and report results to your audit committee. You get a fully functioning IA department without the cost and complexity of building one in-house.
03
SOX Compliance Support
For public companies and recent IPOs.
SOX work is heavy on documentation, testing, and program management, and most internal audit teams don’t have the capacity to do it well alongside the rest of the audit plan.
R-VMC handles the SOX workload end to end or in pieces: scoping, walkthroughs, internal controls documentation, design and operating effectiveness testing, deficiency tracking, and management’s annual assessment. We’ve supported SOX programs for companies in their first year of compliance through companies that have been at it for a decade.
04
IT / ITGC Testing
Covered by consultants who hold the certifications.
Our IT audit consultants hold CISA, CISSP, and other relevant credentials. They can test IT general controls, application controls, and IT-dependent business process controls without a learning curve on your environment.
We cover the full range. Change management, logical access, computer operations, system development. Across the platforms your business actually runs on.
05
SOC 2 Advisory
Building or maintaining a SOC 2 program.
For companies pursuing SOC 2 for the first time, we help you scope the engagement, select the trust services criteria that fit your business, design the controls, and prepare for the auditor.
For companies that already have a SOC 2 report and need to maintain it year over year, we manage the ongoing work so your team isn’t scrambling every audit cycle.
Let’s talk through what you need.
Thirty minutes. We’ll talk through what your team is dealing with and figure out whether R-VMC is the right partner. And if we’re not, we’ll tell you that too.