Skip to main content
Image coming soon

Building Modern Mid-Market Risk Advisory Practice for Mid-Tier Audit Firms (ERM + Internal Audit + AI Risk + Climate Risk + ISO + Engagement Economics)

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

Building Modern Mid-Market Risk Advisory Practice for Mid-Tier Audit Firms (ERM + Internal Audit + AI Risk + Climate Risk + ISO + Engagement Economics)

Build the modern mid-market risk advisory practice for mid-tier audit firms in 10 weeks. ERM + internal audit + AI risk + climate risk + ISO + engagement economics.

Mid-tier audit firms face mid-market risk advisory complexity: ERM modernisation, internal-audit transformation, AI risk integration, climate risk integration, ISO programme engagement, and engagement economics that work for mid-tier practice. Leaders who build the modern practice take the senior mid-market work. Here is the 10-week build.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Mid-tier audit firms (RSM US, BDO USA, Grant Thornton, Crowe, Baker Tilly, EisnerAmper, Mazars, Marcum, MossAdams, Plante Moran, CohnReznick, CliftonLarsonAllen, FORVIS, Aprio, Withum, Citrin Cooperman, Doeren Mayhew, Carr Riggs Ingram, Wipfli, Boomer Consulting, BPM, Eide Bailly, BKD legacy, Dixon Hughes Goodman legacy, Eisner Advisory, BPM Accountants, Pisenti Brinker, Sax LLP, Friedman LLP, Berkowitz Pollack Brant, Marks Paneth) face mid-market risk advisory complexity in 2024-2026.

Mid-market clients ask for ERM modernisation (COSO ERM 2017 + ISO 31000 + RIMS Risk Maturity Model integration, quantification methodology, scenario analysis), internal-audit transformation (risk-based audit planning, continuous monitoring integration, three-lines-of-defence alignment, integrated assurance pattern, AI-augmented audit), AI risk integration (NIST AI RMF integration, EU AI Act risk classification where applicable, sector-specific AI risk overlay), climate risk integration (TCFD + IFRS S2 + SEC Climate Rule + EU CSRD application), ISO programme engagement (ISO 27001, ISO 22301, ISO 9001, ISO 14001, ISO 45001, ISO 50001, ISO/IEC 42001 AIMS, ISO 27701), and engagement economics that work for mid-tier practice (per-engagement margin, per-account expansion, per-team productivity, per-team AI-tool-adoption tracking).

Leaders who build the modern practice take the senior mid-market work. Leaders who stay on classic compliance-audit-only patterns watch the senior work shift to peers and to Big4 firms moving downmarket.

This course teaches the 10-week build of modern mid-market risk advisory practice for mid-tier audit firms: ERM modernisation framework, internal-audit transformation framework, AI risk framework, climate risk framework, ISO programme framework, engagement economics framework, and the client engagement model. Twelve modules with deliverables. Plus a hand-built implementation playbook for your specific practice and client mix.

What you walk away with

  • A documented ERM modernisation framework.
  • An internal-audit transformation framework.
  • An AI risk framework.
  • A climate risk framework.
  • An ISO programme framework.
  • An engagement economics framework.
  • A client engagement model.
  • A 10-week build plan.

The 12 modules

Module 1. Mid-tier audit firm risk advisory landscape 2026
Detailed walkthrough of the mid-tier audit firm risk advisory landscape in 2026: peer-firm positioning at RSM US + BDO USA + Grant Thornton + Crowe + Baker Tilly + EisnerAmper + Mazars + Marcum + MossAdams + Plante Moran + CohnReznick + CliftonLarsonAllen + FORVIS + Aprio + Withum + Citrin Cooperman + Doeren Mayhew + Carr Riggs Ingram + Wipfli + BPM + Eide Bailly, Big4 downmarket movement positioning, regulatory landscape (PCAOB QC1000, SOX 404 for public mid-market, AICPA SAS 145 risk assessment, NIST AI RMF, EU AI Act, EU CSRD where applicable, SEC Climate Rule, TCFD, IFRS S2, AICPA Trust Services Criteria for SOC 1 and SOC 2, ISO standards landscape), and the strategic-level decisions facing partners and senior managers.
Module 2. ERM modernisation framework
Build the ERM modernisation framework: COSO ERM 2017 alignment, ISO 31000 alignment, RIMS Risk Maturity Model alignment, risk taxonomy framework, risk appetite framework, risk tolerance framework, KRI framework, quantification methodology (FAIR, Monte Carlo, scenario-based, expected-loss), risk-treatment framework, and the integration with broader risk management.
Module 3. Internal-audit transformation framework
Build the internal-audit transformation framework: risk-based audit-planning framework, continuous-monitoring integration, three-lines-of-defence alignment, integrated-assurance pattern (internal audit + risk + compliance + ESG assurance), AI-augmented audit framework, audit-tooling modernisation framework (TeamMate, AuditBoard, Workiva, in-house), audit-talent modernisation framework, and the integration with broader audit leadership.
Module 4. AI risk framework
Build the AI risk framework: NIST AI RMF integration (Govern, Map, Measure, Manage), EU AI Act risk classification (unacceptable, high-risk, limited-risk, minimal-risk, GPAI), sector-specific AI risk overlay (Fed SR 11-7 for FS clients, OCC AI guidance, CFPB UDAAP overlap, NAIC Model Bulletin on AI, EEOC AI guidance, OCR HIPAA application to healthcare AI), AI inventory framework, AI risk-tier assignment, AI risk-treatment framework, and the integration with broader risk management.
Module 5. Climate risk framework
Build the climate risk framework: TCFD aligned reporting, IFRS S2 climate-related disclosures, SEC Climate Rule application where applicable, EU CSRD application where applicable, ISSB-aligned reporting, physical-risk assessment (acute + chronic), transition-risk assessment (policy, technology, market, reputational, legal), scenario-analysis framework (IEA, NGFS, IPCC), climate-conditioned underwriting framework where applicable, and the integration with broader sustainability strategy.
Module 6. ISO programme framework
Build the ISO programme framework: ISO 27001 + ISO 27017 + ISO 27018 + ISO 27701 information security, ISO 22301 business continuity, ISO 9001 quality, ISO 14001 environmental management, ISO 45001 occupational health and safety, ISO 50001 energy management, ISO/IEC 42001 AI management systems, ISO 31000 risk management, ISO 19011 management system auditing, ISO 22000 food safety where applicable, ISO 13485 medical device where applicable, and the integration with broader management systems strategy.
Module 7. SOC framework
Build the SOC framework: SOC 1 Type II framework, SOC 2 Type II framework (Security, Availability, Confidentiality, Processing Integrity, Privacy criteria), SOC 3 framework, SOC for Cybersecurity framework, SOC for Supply Chain framework, AICPA Trust Services Criteria framework, and the integration with broader assurance.
Module 8. Vendor risk framework
Build the vendor risk framework: TPRM modernisation, Nth-party risk, continuous-monitoring pattern (BitSight, SecurityScorecard, RiskRecon, Black Kite, Panorays, OneTrust TPRM, ServiceNow TPRM, ProcessUnity), vendor-onboarding framework, vendor-offboarding framework, vendor-incident-response framework, vendor-concentration-risk framework, and the integration with broader procurement.
Module 9. Engagement economics
Build the engagement economics framework: assessment-engagement structure, design-engagement structure, implementation-engagement structure, retainer engagement structure, per-engagement margin tracking, per-account expansion tracking, per-team productivity tracking, per-team AI-tool-adoption tracking, sub-contractor model, AI-augmented productivity, and the practice-economics framework.
Module 10. Client engagement model
Build the client engagement model: client-CEO engagement framework, client-CFO engagement framework, client-CRO engagement framework, client-CCO engagement framework, client-CISO engagement framework, client-CAE engagement framework, client-board engagement framework, executive-business-review framework, and the integration with broader account management.
Module 11. Practice positioning and case studies
Build the practice positioning: positioning statement, demo (showing ERM modernisation framework, internal-audit transformation framework, AI risk framework, climate risk framework), ROI calculator, case studies (3 minimum), and the discovery-conversation guide. Sales materials that win the next engagement.
Module 12. Your 10-week build plan
Week-by-week plan with weekly deliverables. Weeks 1-2: mid-tier audit firm risk advisory landscape + ERM modernisation framework. Weeks 3-4: internal-audit transformation framework + AI risk framework. Weeks 5-6: climate risk framework + ISO programme framework. Weeks 7-8: SOC framework + vendor risk framework. Weeks 9-10: engagement economics + client engagement model + practice positioning. Deliverable: modern mid-market risk advisory practice.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Module 1 covers the landscape.
Module 2 produces ERM modernisation.
Module 3 covers internal-audit transformation.
Module 4 covers AI risk.
Module 5 covers climate risk.
Module 6 covers ISO programme.
Module 7 covers SOC.
Module 8 covers vendor risk.
Module 9 covers engagement economics.
Module 10 covers client engagement.
Module 11 covers practice positioning.
Module 12 covers the 10-week build plan.

What you get with this course

  • The 12-module course delivered as text plus downloadable templates.
  • Templates and worked examples for ERM modernisation framework, internal-audit transformation framework, AI risk framework, climate risk framework, ISO programme framework, SOC framework, vendor risk framework, engagement economics framework, client engagement model, practice positioning.
  • A hand-built implementation playbook generated for your specific practice and client mix.
  • Three worked examples of modern mid-market risk advisory practices at peer mid-tier audit firms.
  • Scripted talking points for the client CRO and CAE engagement.

What you will have in hand by Day 1, Week 1, Month 1

Day 1: ERM modernisation framework scaffold drafted.

Week 4: Internal audit + AI risk designed.

Week 8: Climate risk + ISO programme + SOC + vendor risk operational.

Week 10: Practice in operation.

Before and after

Before

Your mid-tier audit firm risk advisory practice handles classic compliance-audit-only patterns. ERM modernisation under client expectations strains the practice. AI risk integration is reactive. Climate risk under SEC Climate Rule + EU CSRD application is patchy. Senior mid-market work goes to peers and to Big4 firms moving downmarket.

After

A modern mid-market risk advisory practice is in operation. ERM modernisation framework, internal-audit transformation framework, AI risk framework, climate risk framework, ISO programme framework, SOC framework, vendor risk framework, engagement economics framework, client engagement model, practice positioning are all designed.

What happens if you do not address this

Leaders without the modern practice miss senior mid-market work. PCAOB QC1000 effective; SEC Climate Rule active; EU AI Act high-risk obligations from August 2026; Big4 moving downmarket on AI risk + climate risk + ISO + SOC.

Who it is for

For risk advisory partners, internal audit partners, senior managers in risk advisory practices, audit principals, and senior consultants at mid-tier US audit firms.

Who this is NOT for. Pure tax-focused practitioners without risk advisory scope. Practitioners at firms with no mid-market business. Pure consulting firms without audit DNA.

How it arrives

Text-based course via LMS, plus downloadable templates and worked examples and the hand-built implementation playbook.

Time investment. Roughly 18 hours of reading and 80 to 160 hours of partner / senior-manager effort across the 10-week build.

Why $199 is the right number

External risk-advisory-modernisation consultants (Big4 risk practices, specialist firms like Protiviti, RGP, Resources Global Professionals) charge $200K-$1M for practice-modernisation programmes. $199 buys the focused playbook plus the implementation document for your specific practice.

FAQ

Will this replace hiring a risk-advisory-modernisation consultant?
Partially. It teaches the modern practice. You may still want specialist input for advanced FAIR quantification.
What if my clients are primarily PE-backed (not public)?
Modules 9 and 10 cover PE-backed-anchored patterns.
Does this cover ISO/IEC 42001 AIMS specifically?
Module 6 covers ISO 42001 AIMS in depth.
What about co-source vs out-source internal audit specifically?
Module 3 covers co-source vs out-source patterns.
What is in the implementation playbook for me specifically?
ERM modernisation framework tailored to your specific client mix; engagement economics matched to your specific practice; a 10-week build plan.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!