Risk & Compliance is the cornerstone of Jefferson Wells

Jefferson Wells’ solutions are strategically designed to address the entire continuum of risk management and compliance activities. This includes risk identification and assessment, control design and operation, testing and reporting.

Internal Audit & Controls

We are skilled, proven performers in internal audit and controls.  After all, that’s the cornerstone on which our firm was founded.  We independently assess, design, implement and test the overall effectiveness of your control environment.  Jefferson Wells can assist you with: 


  • developing an internal audit function or strengthening an existing one  
  • partnering with you on an internal audit co-source or outsource engagement  
  • managing a specific Sarbanes-Oxley project to ensure effective internal controls over financial reporting 

To ensure the thoroughness of our results, our professionals are versed on COSO-based enterprise risk management controls and approaches; COBIT frameworks; and Agile risk-based auditing.

Technology & Security Risk Management

Technology is the cornerstone for many businesses and also high risk.  Every day, the technology and processes supporting your mission-critical business information is subject to attack and exploitation.  Our focus on controls provides cost effective strategies for safeguarding the confidentiality, integrity and availability of information to protect your company’s brand and reputation.  We’re experienced in:


  • Cyber Risk assessments, remediation and implementation 
  • Privacy and regulatory compliance  
  • Business continuity planning   
  • IT governance and risk management programs  
  • IT Audits and assessments to uncover issues and ensure compliance 
  • Analytics and technical solutions that drive business controls 

Our technology risk management professionals have deep knowledge of systems and related IT processes, security governance, data privacy, and cloud computing, as well as significant hands-on experience and hold many designations including CISSP, CISM, CISA, CBCP, and CRISC.  

Financial Services Audit & Compliance

We understand that the banking and finance industry represents a broad spectrum of disciplines and service areas – all subject to regulatory mandates, IT dependencies and performance expectations.


Jefferson Wells provides its financial institution clients with professionals who have significant practical, hands-on financial industry experience, blended with an in-depth knowledge of best practices and our proven, consistent methodologies. Specialty services for risk management, compliance & bank operations include:


  • Internal Audit and IT audit outsourcing / co-sourcing  
  • Cybersecurity and Technology risk assessment  
  • Regulatory Compliance 
  • Enterprise Risk Management 
  • ICOFR - FDICIA / SOX / MAR readiness and testing  
  • Financial Crimes – AML/BSA/OFAC 
  • Loan Operations Support - retail, mortgage, commercial  
  • Loan Review 
  • Vendor Risk Management  
  • Regulatory issue remediation and validation 
  • Model Risk Management 
Enterprise Risk Management

The rapidly evolving risk environment has escalated the strategic importance of effective enterprise wide risk management. Critical risk topics organization must effectively and proactively manage include:


  • Technology and security risks  
  • Third party risk  
  • Occupational health and safety 
  • Demanding regulatory environment 
  • Changing local, state and federal regulations 
  • Talent acquisition and retention 
  • Covid / Post-Covid operations 
  • Environmental, Social, and Governance (ESG) 


Our ERM solution optimizes your existing risk management practices, then fills in the gaps.  


  • Keeping it simple and scalable, Jefferson Wells develops a program aligned with the risk maturity model of your organization.  
  • Our programs are built in partnership with management and integrated into the operations of your business.  
  • Corporate goals are aligned with associated risks.   
  • Actionable results are leveraged during program development.  
  • An integrated standard risk language, process, governance structure, reporting and monitoring is created.  
  • Jefferson Wells approach is phased and efficient and flexible enough to revolve around your unique culture and team dynamics.

Risk and Compliance Enterprise Risk Management Image


Construction Services Center of Expertise

Construction projects are typically among the largest, most complex financial expenditures companies undertake. Adequate internal controls are needed to prevent overpayments and protect against irregularities; ensure procedures are in place to identify and manage risks; and avoid litigation.  Jefferson Wells Construction Services Center of Expertise performs hundreds of construction audits annually, with the construction value of contracts ranging from $2 million to billions.  We have an established model for supporting all aspects of your construction life cycle from planning through project closeout.  Services include: 


  • upfront program risk management services 
  • interim financial and program evaluations 
  • close out financial audits and litigation support services 

Our experienced construction professionals bring industry certifications such as Certified Construction Auditor (CCA) Certified Internal Auditor (CIA); Certified Fraud Examiner (CFE); and Certified Construction Industry Financial Professional (CCIFP). 


Finance & Accounting

Tax Services

Business Optimization

Centers of Expertise

Executive Search

Enterprise Risk Management Program Evaluation Success Story

Large bank requested our expertise to determine if their ERM program’s ability and robustness meets the evolving needs of the organization as well as regulatory expectations.

SOX Compliance Success Story

A global financial services organization needed project management for a SOX compliance initiative spanning multiple countries.

Internal Audit Co-sourcing Success Story

A global Fortune 50 financial services company sought a partner to assist with audit management in North America, Europe and AsiaPac.