Risk & Cybersecurity Advisory

Align oversight with your strategic goals and growth plans.

Risk touches every aspect of an organization—from the security of your systems to the integrity of your financial reporting. As regulatory expectations shift and operational complexity grows, AAFCPAs helps leadership teams assess vulnerabilities, prioritize remediation, and embed risk awareness into daily decision-making. Strong systems, well-designed processes, and a risk tolerance aligned workforce are essential to this effort, serving as both safeguards and enablers of more reliable operations.

Our risk advisory professionals bring a cross-disciplinary lens to your challenges, applying experience in governance, internal controls, compliance, cybersecurity, operational resilience, and strategic planning to build effective enterprise risk management programs. The result is a measured, practical approach tailored to your risk profile—one that supports growth without sacrificing resilience. Whether preparing for an audit or building a broader risk strategy, we provide clarity in an uncertain environment.

Risk is a constant. So is the need for judgment.

There is no one-size-fits-all approach to managing risk. AAFCPAs works with enterprise leaders to develop frameworks and safeguards that reflect the complexity of their operations and the industry in which they work. Our team brings deep experience in cybersecurity, financial reporting, compliance, and IT governance, helping you make informed decisions in high-stakes environments. By assessing the likelihood and impact of risks, and aligning safeguards with your risk tolerance, we help lay the foundation for long-term risk reduction. We offer perspective, not just process—so you can weigh risk thoughtfully, act decisively, and build the confidence that comes from preparedness.

Enterprise Risk Management

Whether building or enhancing ERM, gain structured, flexible oversight aligned to your organization’s goals and maturity.

Cybersecurity

Transform data into actionable insight while strengthening cybersecurity and IT risk management without compromising operational efficiency.

Fraud Examinations and Forensic Accounting

Gain clarity on financial irregularities and exposure through independent fraud examination and forensic accounting services.

Sarbanes-Oxley (SOX) Compliance

Design, implement, and sustain SOX compliance programs that support effective internal controls and reliable financial reporting.

Funding Uncertainty & Contingency Planning

Strategic Financial Modeling, Risk Assessment, and Continuity Planning to Navigate Funding Uncertainty

Litigation Support & Expert Witness

Strengthen your case with objective financial analysis, defensible reports, and credible expert testimony.

Internal Control and ITGCs

Strengthen your control environment by turning ICFR and other requirements into opportunities for improved confidence, performance, and efficiency.

SOC Reporting Services

Build client trust and demonstrate control maturity with SOC reports supported by rigorous assessments and ethical hacker oversight.

HIPAA Compliance

Gain clarity and audit-ready documentation for PHI compliance through structured, regulator-aligned assessments tailored to your environment.

ISO 27001 Readiness

Support at any stage—from building a new program to aligning existing SOC 2, NIST, or other frameworks with ISO—while improving efficiency, reducing risk, and strengthening audit readiness.

Technology & Process Advisory

Align technology and processes to reduce risk, strengthen controls, and support more resilient, well-managed operations.

Carla McCall Featured in FM Magazine on Finance Roles in Cybersecurity

FM Magazine Report: 5 emerging business cyberthreats — and how to combat them FM Magazine (October 2025) – From deepfakes to payment fraud, companies are at risk of increasingly complex cyberthreats—with finance taking a leading role in mitigating risks. Carla McCall, CPA, CGMA, Managing Partner of AAFCPAs, contributed insights into five emerging business cyberthreats and […]

How IT Controls Keep Your Systems and Data Safe

During AAFCPAs’ recent webinar, Understanding Your ITGCs: Why They Matter and How to Strengthen Them (November 2025), Lisa Whittemore, CFE, CRMA, MBA and Vassilis Kontoglis presented a practical framework for assessing, strengthening, and monitoring IT general controls to protect data, ensure operational continuity, and support regulatory compliance. A single misstep in IT General Controls (ITGCs) […]

AAFCPAs Expands Risk Advisory Leadership with Appointment of Lisa Whittemore as Partner

AAFCPAs, a U.S. top 100 CPA and advisory firm, is pleased to announce the appointment of Lisa Whittemore, CFE, CRMA, as Partner, Risk Advisory. Lisa brings extensive experience in governance, risk and compliance for public and private companies across a wide range of industries. She has more than two decades of experience as a global […]

View All Insights >>

Connect with us

John Buckley

CPA, CGMA | Partner

Vassilis Kontoglis

Partner, AI Digital Transformation & Security

James Jumes

MBA, M.Ed. | Partner, Governance, Risk & Compliance

Lisa Whittemore

Lisa Whittemore

CFE, CRMA, MBA | Partner, Risk Advisory

Contact Us

We look forward to speaking with you to determine how we may best solve your needs. A firm representative will reach out to you within one business day. Looking for additional ways to reach us? Visit our Contact Page. >>