Regulatory Compliance Services to Lower Risk in a Complex World

The world around us is changing faster than ever. That puts businesses like yours at risk. At Maxwell Locke & Ritter, we understand this dynamic and have built our business to protect yours—from customized risk management solutions that help you cope with an evolving marketplace to forward-looking compliance services that ensure you are always prepared for the next regulatory change.

Experience that Matters

We’ve assembled a deeply experienced team of CPAs, information security auditors, and IT professionals that can minimize your company’s risk profile. We deliver a comprehensive suite of regulatory compliance services across a diverse range of industries, regulations, and control frameworks. Combining this with our tech-enabled approach results in efficient engagements that provide the critical insights you need to manage governance, risk, and compliance effectively.


Key Services

SOC Readiness & Examinations

System and Organization Controls (SOC) reports were created to decrease the audit burden on service providers by establishing a standardized report that can be issued to end users. A SOC examination from a reputable firm can be a market differentiator for organizations that want to appeal to a broad range of high-value customers. SOC 1 reports, also known as SSAE 18 reports, are designed for organizations that provide services that impact their customers’ financial statements or internal controls over financial reporting. SOC 2 reports are more technical in nature and focus on one or more trust service principles – security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are relevant to service organizations that are relied upon for the operational needs of their customers or for protecting sensitive customer data. Learn more about SOC examinations and which SOC report is right for your organization.

SOC Examinations and Assessments:

Sarbanes-Oxley (SOX) Assessments

For public companies and companies gearing up for an IPO, compliance with the 2002 Sarbanes-Oxley Act (SOX) is an expensive and complex undertaking that may overwhelm your internal resources. Our team of CPAs and information security auditors follow the internationally recognized COSO framework. SOX assessments provide an avenue to identify risk areas and implement controls specifically designed to mitigate risks without being overly burdensome or time consuming. Our risk-based approach is tailored to each client based on industry, applicable regulations, company size, financial systems, and IT architecture to provide a customized solution for the life stage of your business.

Sarbanes-Oxley Assessments:

  • SOX Readiness
  • SOX Compliance
  • SOX Program Optimization
Healthcare Compliance

Organizations that store or process health information or act as business associates are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy and security of protected health information. During a HIPAA Gap Analysis, our experienced team evaluates organizations against the HIPAA framework, creates a customized control framework, and identifies and prioritizes areas of noncompliance. Organizations can also opt to achieve certification through HITRUST, a leading framework that provides a comprehensive approach to managing risk and meeting regulatory requirements for healthtech and healthcare organizations. Our HITRUST readiness assessment services can help your organization prepare for HITRUST’s rigorous requirements. Our goal through each of our healthcare compliance service offerings is to help organizations be responsible stewards of personal health information and decrease the risk of fines and penalties resulting from regulatory audits or security breaches.

Healthcare Compliance:

  • HIPAA Risk Assessments
  • HIPAA Gap Analysis
  • HITRUST Readiness
  • Due Diligence Questionnaires
Internal Audit

The internal audit function helps organizations ensure their business practices, IT architecture, systems of internal controls, and financial reporting processes are aligned with their overall goals. When you outsource or co-source your internal audit to the team at Maxwell Locke & Ritter, you gain insights into the strategic, operational, compliance, and financial risks your company faces and the controls you need to address those risks. Our tech-focused and consultative approach can support an internal audit function including audit coordination, control testing, and documentation with services tailored to suit your requirements.

Internal Audit Services:

  • IA Outsourcing
  • IA Co-Sourcing
  • Enterprise Risk Management
  • ESG Internal Audit Services
IT Risk & Compliance

Our team of experts include IT professionals with experience managing IT and information security, as well as information security auditors with experience evaluating companies against internal control and security frameworks. This combination of expertise allows us to truly understand our clients and their security needs and create specific tactical recommendations designed to mitigate security risk based on current threats. With expertise in both cloud-supported environments and on-premise infrastructure, we customize our security analyses and recommendations to your environment. Common security areas addressed include adequacy of cloud security configurations, firewall configuration, vendor security, and employee training. Our team of advisors is available with a range of IT security services to help your organization navigate today’s complex regulatory environment.

IT Risk & Compliance Services:

  • IT Risk Assessments
  • ISO Readiness & Internal Audit
  • IT Framework Mapping
  • PCI Readiness